CISA QUESTION #6834
Question 1
In performing a pre-audit of network security, an auditor discovers that internal network traffic is not filtered or segmented—finance, HR, and research departments can all access each other's systems freely. What is the PRIMARY security principle being violated?
  • Data encryption
  • Least privilege and network segmentation ✔️
  • Password complexity
  • Physical security
Correct Answer Explanation
Least privilege requires that users have only the access necessary for their job functions. Lack of network segmentation allows unrestricted lateral movement and access across departments that have no business need to access each other's systems. Finance staff should not access research systems and vice versa—segmentation enforces this principle.