CompTIA CySA+ (CS0-001) — Question 138

A company invested ten percent of its entire annual budget in security technologies. The Chief Information Officer (CIO) is convinced that, without this investment, the company will risk being the next victim of the same cyber attack its competitor experienced three months ago. However, despite this investment, users are sharing their usernames and passwords with their coworkers to get their jobs done. Which of the following will eliminate the risk introduced by this practice?

Answer options

• A. Invest in and implement a solution to ensure non-repudiation
• B. Force a daily password change
• C. Send an email asking users not to share their credentials
• D. Run a report on all users sharing their credentials and alert their managers of further actions

Correct answer: C

Explanation

Sending an email asking users not to share their credentials (Option C) directly addresses the behavior by raising awareness, which can effectively reduce the risk. The other options, while they may enhance security, do not directly eliminate the practice of sharing credentials. Option A focuses on non-repudiation, Option B imposes a password change which may be inconvenient, and Option D involves monitoring rather than preventing the issue.