Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. Recently, members of your organization have been targeted through a number of sophisticated phishing attempts, resulting in compromised credentials. What action can you take to prevent external misuse of compromised credentials while still allowing employees to manage their bank information?
A) Turn off VPN access for users originating from outside the country
B) Remove VPN access for all employees except for senior management
C) Enable monitoring on the VPN for suspicious activity
D) Block access to the Employee-Self Service application via VPN
Correct Answer:
Verified
Q319: The CIO of an organization has decided
Q320: Which of the following is considered to
Q321: How often should the Statements of Standards
Q322: Your incident response plan should include which
Q323: The security team has investigated the theft/loss
Q325: When dealing with risk, the information security
Q326: Which of the following methodologies references the
Q327: Scenario: Your program is developed around minimizing
Q328: Scenario: A CISO has several two-factor authentication
Q329: The general ledger setup function in an
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents