Certified Information Systems Auditor (CISA) — Question 1405
During a review, an IS auditor discovers that corporate users are able to access cloud-based applications and data from any Internet-connected web browser.
Which of the following is the auditor's BEST recommendation to help prevent unauthorized access?
Answer options
- A. Utilize strong anti-malware controls on all computing devices.
- B. Implement an intrusion detection system (IDS).
- C. Update security policies and procedures.
- D. Implement multi-factor authentication.
Correct answer: D
Explanation
Implementing multi-factor authentication (MFA) significantly enhances security by requiring users to provide multiple forms of verification before access is granted, thus reducing the risk of unauthorized entry. While anti-malware controls and an IDS are important, they do not directly address authentication vulnerabilities. Updating security policies is essential, but without MFA, users can still access sensitive data without sufficient verification.