CISA Certified Information Systems Auditor – Question1604

The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data?

A.
SSL encryption
B. Two-factor authentication
C. Encrypted session cookies
D. IP address verification

Correct Answer: A

Explanation:

Explanation:
The main risk in this scenario is confidentiality, therefore the only option which would provide confidentiality is Secure Socket Layer (SSL) encryption. The remaining options deal with authentication issues.