Question: An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
A.) Review the procedures for granting access
B.) Establish procedures for granting emergency access
C.) Meet with data owners to understand business needs
D.) Redefine and implement proper access rights

Download pdf (with explanations) edition of this exam.