Question: An account with full administrative privileges over a production file is found to be accessible by a member of the software development team. This account was set up to allow the developer to download nonsensitive production data for software testing purposes. The information security manager should recommend which of the following?
A.) Restrict account access to read only
B.) Log all usage of this account
C.) Suspend the account and activate only when needed
D.) Require that a change request be submitted for each download

Download pdf (with explanations) edition of this exam.