Certified in Risk and Information Systems Control (CRISC) — Question 538

Which of the following controls will BEST mitigate risk associated with excessive access privileges?

Answer options

• A. Frequent password expiration
• B. Segregation of duties
• C. Entitlement reviews
• D. Review of user access logs

Correct answer: C

Explanation

Entitlement reviews (Option C) are crucial for identifying and managing excessive access privileges by regularly reviewing user permissions. While frequent password expiration (A) and review of user access logs (D) enhance security, they do not specifically address the issue of excessive access rights. Segregation of duties (B) also helps in reducing risk but is not as directly focused on access entitlement as Option C.