Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 209

Which of the following controls is the most effective in mitigating activities of bots that continuously attempt to access a user’s account?

Answer options

• A. Password length
• B. User session timeout
• C. User account lockout
• D. Password aging

Correct answer: C

Explanation

The correct answer is C, User account lockout, as it prevents further login attempts after a certain number of failed tries, effectively stopping bots. Options A, B, and D do not directly prevent unauthorized access; instead, they manage password policies and user sessions without addressing the immediate threat from bots.