CISSP Practice Question (Domain 3: Security Architecture and Engineering)
A regulated organization designs a system where business users submit high-value transactions through an application, while a separate service validates and commits them. Auditors later find administrators could bypass the application and update records directly in the database. Management wants assurance this cannot occur again.
What is the MOST appropriate architectural control to implement NEXT?
A. Stronger privileged user authentication and session recording
B. Mandatory access control enforced at the database layer
C. Constrained interfaces with enforced well-formed transactions
D. Increased database activity monitoring and alerting
Come back for the answer tomorrow, or study more now!
Vincent Primiani