CISA Certified Information Systems Auditor – Question0082

During a privileged access review, an IS auditor observes many help desk employees have privileges within systems not required for their job functions. Implementing which of the following would have prevented this situation?

A.
Separation of duties
B. Multi-factor authentication
C. Least privilege access
D. Privileged access reviews

Correct Answer: C