Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 252

Which of the following activities best illustrates a user's authentication control?

Answer options

• A. Identity requests are approved in two steps.
• B. Logs are checked for misaligned identities and access rights.
• C. Users have to validate their identity with a smart card.
• D. Functions can be performed based on access rights.

Correct answer: C

Explanation

The correct answer is C because validating identity with a smart card is a direct method of authentication, confirming the user's identity before granting access. Options A, B, and D relate more to access management and monitoring rather than the direct process of authenticating a user's identity.