Certified in Risk and Information Systems Control (CRISC) — Question 234

The BEST key performance indicator (KPI) for monitoring adherence to an organization's user accounts provisioning practices is the percentage of:

Answer options

• A. active accounts belonging to former personnel.
• B. accounts with dormant activity.
• C. accounts without documented approval.
• D. user accounts with default passwords.

Correct answer: C

Explanation

The correct answer is C because accounts without documented approval indicate a failure to adhere to provisioning policies, highlighting potential security risks. Options A and B focus on the status of accounts rather than compliance, while D addresses a specific security issue but does not directly measure adherence to provisioning practices.