Certified Information Systems Auditor (CISA) — Question 1242
Which of the following is the MOST effective control to mitigate the risk of inappropriate activity by employees?
Answer options
- A. Two-factor authentication
- B. Network segmentation
- C. User activity monitoring
- D. Access recertification
Correct answer: C
Explanation
User activity monitoring is the most effective control as it allows organizations to track and analyze employee actions, helping to identify any inappropriate behavior. While two-factor authentication enhances security, it does not monitor activities. Network segmentation and access recertification are important for limiting access and ensuring permissions are up to date, but they do not directly observe employee behavior.