Certified Information Systems Auditor (CISA) — Question 623
Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?
Answer options
- A. Implementing role-based access at the application level
- B. Restricting access to transactions using network security software
- C. Using a single menu for sensitive application transactions
- D. Implementing two-factor authentication
Correct answer: A
Explanation
Implementing role-based access at the application level is the best way to restrict payment transaction data to the appropriate users because permissions are assigned according to user roles, so only authorized users can access sensitive information. Network security software may provide some level of protection, but it does not control access at the application level. A single menu for sensitive transactions does not effectively limit access. Two-factor authentication enhances security but does not specifically manage user permissions.