CISA Certified Information Systems Auditor – Question1508

Which of the following controls would BEST detect intrusion?

A.
User IDs and user privileges are granted through authorized procedures.
B. Automatic logoff is used when a workstation is inactive for a particular period of time.
C. Automatic logoff of the system occurs after a specified number of unsuccessful attempts.
D. Unsuccessful logon attempts are monitored by the security administrator.

Correct Answer: D

Explanation:

Explanation:
Intrusion is detected by the active monitoring and review of unsuccessful logons. User IDs and the granting of user privileges define a policy, not a control. Automatic logoff is a method of preventing access on inactive terminals and is not a detective control.
Unsuccessful attempts to log on are a method for preventing intrusion, not detecting.