Certified in Risk and Information Systems Control (CRISC) — Question 290

Which of the following is the MOST effective control to ensure user access is maintained on a least-privilege basis?

Answer options

• A. Change log review
• B. User recertification
• C. Access log monitoring
• D. User authorization

Correct answer: B

Explanation

User recertification is the best option because it involves regularly reviewing and validating user access rights to ensure they align with the least-privilege principle. Change log review, access log monitoring, and user authorization are important but do not specifically focus on the ongoing verification of user access levels as effectively as recertification does.