Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 135

Which of the following controls is designed to mitigate a physical IT risk?

Answer options

• A. An automated fire prevention system.
• B. Access control restrictions in a system.
• C. Anti-malware protection software.
• D. A network isolating firewall system.

Correct answer: B

Explanation

The correct answer is B, as access control restrictions help prevent unauthorized physical access to IT assets, thereby mitigating physical risks. Options A, C, and D focus on protecting against other types of risks, such as fire hazards, malware attacks, and network threats, which do not directly address physical IT risks.