PECB Lead Implementer (ISO/IEC 27001) — Question 21

Based on scenario 3. what would help Socket Inc. address similar information security incidents in the future?

Answer options

• A. Using the MongoDB database with the default settings
• B. Using cryptographic keys to protect the database from unauthorized access
• C. Using the access control system to ensure that only authorized personnel is granted access

Correct answer: C

Explanation

The correct answer is C, as an access control system is essential for ensuring that only authorized personnel can access sensitive information, thus reducing the risk of breaches. Option A is incorrect because using default settings can leave vulnerabilities open, while option B, although important for security, does not address the issue of who is granted access to the database.