You are the administrator of your enterprise. Which of the following controls would you use that BEST protects an enterprise from unauthorized individuals gaining access to sensitive information? 

Answer options:

A. Monitoring and recording unsuccessful logon attempts
B. Forcing periodic password changes
C. Using a challenge response system
D. Providing access on a need-to-know basis

D

Physical or logical system access should be assigned on a need-to-know basis, where there is a legitimate business requirement based on least privilege and segregation of duties. This is done by user authentication. Incorrect Answers: A: Monitoring and recording unsuccessful logon attempts does not address the risk of appropriate access rights. In other words, it does not prevent unauthorized access. B: Forcing users to change their passwords does not ensure that access control is appropriately assigned. C: Challenge response system is used to verify the user`s identification but does not completely address the issue of access risk if access was not appropriately designed in the first place.