Certified Information Systems Security Professional (CISSP) — Question 377

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

Answer options

• A. Implement bi-annual reviews.
• B. Create policies for system access.
• C. Implement and review risk-based alerts.
• D. Increase logging levels.

Correct answer: C

Explanation

Implementing and reviewing risk-based alerts allows for real-time monitoring of account activities, enabling quicker identification of unauthorized or suspicious account creations. The other options, while useful, do not provide the same level of proactive risk management as alerts that can trigger immediate responses to potential security threats.