CERTIFIED-IN-CYBERSECURITY Question #412: Real Exam Question with Answer & Explanation

Question

What is the typical response when someone is detected trying to access a database without permission?

Options

• AThe user is given a warning
• BThe user's account is deleted
• CThe attempt is logged, and the user is blocked
• DThe user is promoted to a higher access level

Explanation

If someone tries to access a database without permission and is discovered, the typical response is to log the attempt and block the user. This is standard cybersecurity practice to prevent unauthorized access and potential data breaches. Another possible course of action is to record the incident and alert the appropriate people to take action (this could include reviewing the incident and possibly blocking the user) (see ISC2 Study Guide Chapter 3, Module 1). For example, if an employee attempted to access a restricted database, the system would record the user's ID, the time of the attempt, and the data they attempted to access. The system would then block the user's access, either temporarily or permanently, depending on the severity of the violation. The remaining options are not typical responses to unauthorized access attempts. Deleting the user's account is usually an extreme measure and not a typical first response. It could also interfere with legitimate activities if the user has other authorized roles within the system. Issuing a warning may be part of the response, but it will not prevent further attempts. It's also important to investigate the incident to understand why it happened and how it can be prevented in the future. Finally, promoting the user to a higher access level would increase the security risk. This goes against the principle of least privilege, which states that users should have the minimum level of access necessary to perform their job.

No community discussion yet for this question.