CISSP Exam - Question 314


An internal audit for an organization recently identified malicious actions by a user account. Upon further investigation, it was determined the offending user account was used by multiple people at multiple locations simultaneously for various services and applications. What is the BEST method to prevent this problem in the future?

Correct Answer: A

The best method to prevent malicious actions by a user account that was used by multiple people at multiple locations is to ensure that each user has their own unique account. This method enhances accountability and traceability, making it easier to identify the specific individual responsible for any actions taken on the system. Shared accounts obscure the identity of the actual user, making it difficult to track malicious actions accurately. By assigning unique accounts to each user, the organization can better manage user permissions and monitor individual activities, reducing the risk of unauthorized access or misuse.

Discussion

16 comments
Stevooo - Option: A
Sep 6, 2022

C is detective and not preventive

jackdryan
May 14, 2023

A is correct

Nabs1 - Option: A
Sep 9, 2022

A seems to be the correct answer.

CuteRabbit168
Sep 28, 2022

The question did not imply users sharing account. A user's unique account could have been compromised and used at multiple locations simultaneously. Answer A would not address this issue. Answer C is the most logical.

CuteRabbit168
Oct 11, 2022

Reread the question again. It’s asking for Preventive measure. A is the correct answer.

ygc - Option: C
Sep 23, 2022

C is the most reasonable answer.

Humongous1593
Oct 9, 2022

No, having a SIEM alert does not prevent it. It's a detective control. A is the only one that prevents it (or at least could prevent it).

irEd1
Feb 1, 2023

"malicious actions" SIEM lets you detect when it is being used and you have sufficient information to follow security policy and shut down access. The part it stops is the real question. It stops the malicious action by providing knowledge of secpol abuse and alerting people who should enforce secpol. Nothing noted here stops everyone from using the same account at all and that part may not be what is preventable, but the malicious part could be. (https://www.ibm.com/topics/siem)

oudmaster - Option: C
Dec 17, 2022

I will go with C for the following reason: This scenario is either the user credential got compromised, or the user shared his credentials with other people. And in both cases, Option A will not solve the problem, because most likely every user has its own account already. The problem is identified by internal Audit process, which could be detected earlier than that if SIEM solution was set to alert you for this use case. And this way you can prevent this incident in the future by immediately responding to the problem once it is alerted.

WiDeBarulho - Option: A
Oct 25, 2022

A SIEM will not PREVENT anything. "A" is the only answer that stinks less (still not effective in my opinion).

IXone - Option: C
Oct 30, 2022

Ensuring that each user has an account is not sufficient to solve the problem; it does not prevent the sharing of the account between users, services and applications, so the most correct one seems to me to be monitoring and alerts/playbook (e.g. lock account) SIEM.

BP_lobster - Option: C
Nov 28, 2022

Question is broader than simply "which control is preventative?". Question is asking best way to PREVENT the problem occurring. Problem is two part: 1. Malicious actions not identified until internal Audit occurred. 2. Multiple people at multiple locations simultaneously using the account. Option C stands the highest chance of preventing both parts of the problem (it's still not ideal, but is better than A... Providing a unique account does not prevent it being shared. Shared account could be used for malicious actions and this could then again not be discovered until the next internal audit).

omarin25 - Option: C
Dec 4, 2022

C, this is the main function of SIEM

Dee83 - Option: A
Jan 29, 2023

A. Ensure each user has their own unique account.

AlisaH - Option: C
Mar 23, 2023

C is correct, if the objective is to be CISSP certified, because (we need to think like a "manager") there should be a policy stopping shared accounts in place at this level; we need to know who violates it, then we can conduct the awareness or training accordingly

user009 - Option: A
Mar 25, 2023

The correct answer is A. Ensure each user has their own unique account. Explanation: To prevent the problem of multiple people using a single user account simultaneously, the best method is to ensure that each user has their own unique account. By providing each user with a unique account, it becomes easier to track individual activities, enforce access control, and maintain accountability for actions taken on the organization's systems and applications. Additionally, this practice helps prevent unauthorized access or misuse of privileges, as each user's permissions can be tailored specifically to their job responsibilities.

Moose01 - Option: C
May 23, 2023

C is correct! Sounds a little crazy, but thinking as a manager, we must have a proper solution in place (SIEM) to log and alert. Most of the IT engineers sneak in and use the systems' login accounts to leave no accountability traces, therefore as a manager you do want something to log and hold people accountable.

BoyBastos - Option: A
Sep 4, 2023

A. Ensure each user has their own unique account. By ensuring that each user has their own unique account, individual actions can be traced back to a specific individual, which aids in accountability and non-repudiation. Sharing accounts makes it difficult to determine who performed a specific action, leading to potential security risks and challenges in investigations. The other options do not effectively address the root cause of the problem or provide a robust solution.

YesPlease - Option: A
Dec 20, 2023

Answer A) Ensure each user has their own unique account. Answer C seems like a good option until you realize it does not prevent anything and only reports after another incident. The other answers are not preventative as well.

eboehm - Option: A
Apr 10, 2024

Weird question. Honestly none of these answers seem like it would be a decent control. I guess A would be the closest with D a close second. But in reality the real answer is that you would use session management with context access control

8b48948 - Option: A
Jun 2, 2024

A - feels almost too obvious