PECB Lead Implementer (ISO/IEC 27001) — Question 15

FinanceX, a well-known financial institution, uses an online banking platform that enables clients to easily and securely access their bank accounts. To log in, clients are required to enter the one-time authorization code sent to their smartphone. What can be concluded from this scenario?

Answer options

• A. FinanceX has implemented a security control that ensures the confidentiality of information
• B. FinanceX has implemented an integrity control that avoids the involuntary corruption of data
• C. FinanceX has incorrectly implemented a security control that could become a vulnerability

Correct answer: A

Explanation

The correct answer is A because requiring a one-time authorization code sent to a client's smartphone enhances the confidentiality of their bank account information by ensuring that only authorized users can access it. Option B is incorrect as the scenario does not focus on data integrity, and option C is not valid since the implementation of two-factor authentication is a recognized security practice, not a vulnerability.