You work for a company that is growing. Originally, all the users in all departments had access to all the data in the database. It is considered a security risk. What is an appropriate action to reduce the risk?
A)Install a two-step login procedure, where the user has to key in additional information for logging in
B)Install and provide stronger anti-virus software on the users' computers
C) Tweak the firewall parameters so that outgoing traffic can be better controlled
D) Assign roles and privileges to users so that only job-relevant data is accessible to the user.

Question

You work for a company that is growing. Originally, all the users in all departments had access to all the data in the database. It is considered a security risk. What is an appropriate action to reduce the risk?
A)​Install a two-step login procedure, where the user has to key in additional information for logging in
B)Install and provide stronger anti-virus software on the users' computers
C) Tweak the firewall parameters so that outgoing traffic can be better controlled
D) Assign roles and privileges to users so that only job-relevant data is accessible to the user.

Quizplus · Accepted Answer

The best choice is to assign roles and privileges to users so that only job-relevant data is accessible to the user. This will limit the access to sensitive data only to those who need it to perform their work, reducing the risk of unauthorized access and leakage. Installing a two-step login procedure or stronger anti-virus software won't address the core issue of granting unrestricted access to everyone. Tweaking the firewall parameters might help with outgoing traffic, but it won't prevent insiders with full access from downloading or copying sensitive data.

You Work for a Company That Is Growing