What would be the MOST effective control for enforcing accountability among database users
accessing sensitive information?
implement a log management process
implement a two-factor authentication
Use table views to access sensitive data
Separate database and application servers
Accountability means knowing what is being done by whom. The best way to enforce the principle
is to implement a log management process that would create and store logs with pertinent
information such as user name, type of transaction and hour. Choice B, implementing a two-factor
authentication, and choice C, using table views to access sensitive data, are controls that would
limit access to the database to authorized users but would not resolve the accountability problem.
Choice D may help in a better administration or even in implementing access controls but, again,
does not address the accountability issues.