As part of the remediation section in a penetration testing report, which of the following recommendations is the BEST to address an identified issue where employees are regularly bypassing mandatory multifactor authentication due to convenience?
Implement a job rotation program to minimize the risks associated with any single employee regularly bypassing multifactor authentication.
Adjust role-based access control settings to limit the number of users who have the option to bypass multifactor authentication.
Update existing access control and authentication policies to enforce mandatory multifactor authentication and include disciplinary measures for non-compliance.
Enhance existing user training programs to better highlight the importance and benefits of multifactor authentication.
Recommending an update to existing access control and authentication policies to enforce mandatory multifactor authentication reflects the BEST and most direct action to address the issue at hand. This would require employees to adhere to the updated policy, thereby reducing the security risks associated with bypassing multifactor authentication. It is imperative that policies are not only defined but also enforced, as their effectiveness is crippled if compliance is optional or easily circumvented. Enhancing user training could support this policy change, but on its own, it does not mandate action. Adjusting role-based access control or implementing job rotation does not directly address the problem of bypassing multifactor authentication.