Comprehensive and Detailed Explanation:
The most effective way to prevent unauthorized access and data theft is requiring multi-factor authentication (MFA), which adds an extra layer of security beyond just passwords.
Option A (Criminal background checks on all contractors) – Background checks help reduce risk but do not prevent credential misuse.
Option B (Reviewing access requests by the privacy office) – The privacy office may advise on best practices but is not responsible for granting or enforcing access controls.
Option C (Escalating access requests for approval by a data custodian) – While this improves oversight, it does not actively prevent credential misuse.
Option D (Requiring MFA) is the best solution because it ensures that even if a password is compromised, an additional authentication factor is required, reducing unauthorized access risks.
[Reference:CIPM Official Textbook, Module: Access Controls and Authentication – Section on Multi-Factor Authentication (MFA) and Least Privilege Principles., , ]
Submit