Learn the most effective compensating control to recommend when an IS auditor notices records of employees entering but not exiting a secure server room with a badge reader system. Discover best practices for server room access controls in this CISA exam question.
Question
A secure server room has a badge reader system that records name, date, and time information whenever a staff member uses a badge to enter or exit. When reviewing the system logs, an IS auditor notices records for some employees entering, but not exiting, the room. Which of the following would be the MOST effective compensating control to recommend?
A. Installing security cameras at the doors
B. Implementing a monitored mantrap at entrance and exit points
C. Changing to a biometric access control system
D. Requiring two-factor authentication at entrance and exit points
Answer
The most effective compensating control to recommend in this scenario would be:
B. Implementing a monitored mantrap at entrance and exit points
Explanation
A monitored mantrap, also known as an airlock or sally port, is a small space with two sets of interlocking doors. It allows only one person to pass through at a time. The person must wait for the first door to close and lock before the second door opens.
A monitored mantrap would prevent tailgating, where an unauthorized person follows an authorized person into the secure area without badging in. It would also prevent an authorized person from holding the door open for others.
The mantrap ensures that each person must individually badge in and out, creating a complete audit trail. Monitoring the mantrap with video surveillance or a guard provides additional security to identify any suspicious activity.
While the other options (cameras, biometrics, and two-factor authentication) each improve security, none of them by itself forces an employee to badge out, so they do not fully address the gap in the logs. A mantrap is the best compensating control to ensure that the logs of entrances to and exits from the server room are accurate.
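The finding in the question comes from reconciling the badge reader's entry and exit records. The script below, an added example and not part of the original question or the ISACA material, shows the check an IS auditor would run over an exported log: it pairs each entry with the next exit for the same badge and reports entries with no exit, exits with no prior entry, and repeated entries without an exit in between (each a sign of tailgating or pass-back). The CSV layout, names, dates and the `cutoff` parameter are assumptions made for the example.

```python
"""Reconcile badge-reader entry/exit events for a secure room (added example)."""
from datetime import datetime

# Constructed sample export: one record per badge use (name, date, time, direction).
SAMPLE_LOG = """\
name,date,time,direction
alice,2024-03-04,08:02,IN
alice,2024-03-04,09:15,OUT
bob,2024-03-04,08:10,IN
carol,2024-03-04,08:30,IN
carol,2024-03-04,08:31,IN
carol,2024-03-04,10:00,OUT
dave,2024-03-04,11:45,OUT
alice,2024-03-04,13:00,IN
"""


def parse_log(text):
    """Parse the CSV export into (name, timestamp, direction) tuples, ordered by time."""
    events = []
    for line in text.splitlines()[1:]:  # skip the header row
        if not line.strip():
            continue
        name, date, time, direction = (f.strip() for f in line.split(","))
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
        events.append((name, ts, direction.upper()))
    events.sort(key=lambda e: e[1])
    return events


def reconcile(events, cutoff=None):
    """Pair each IN with the next OUT for the same badge and report anomalies.

    Returns a dict of lists:
      open_entries        IN with no later OUT  (the finding in the question)
      still_inside        IN at or after `cutoff` with no OUT yet (export ended
                          mid-shift; not an anomaly on its own)
      exit_without_entry  OUT while the badge was not recorded inside
      double_entry        a second IN while already inside (previous IN, new IN)
    """
    inside = {}  # name -> timestamp of the unmatched IN
    findings = {"open_entries": [], "still_inside": [],
                "exit_without_entry": [], "double_entry": []}
    for name, ts, direction in events:
        if direction == "IN":
            if name in inside:
                findings["double_entry"].append((name, inside[name], ts))
            inside[name] = ts
        elif direction == "OUT":
            if name in inside:
                del inside[name]
            else:
                findings["exit_without_entry"].append((name, ts))
    # Anything left in `inside` never badged out within the export.
    for name, ts in sorted(inside.items()):
        if cutoff is not None and ts >= cutoff:
            findings["still_inside"].append((name, ts))
        else:
            findings["open_entries"].append((name, ts))
    return findings


def audit(text, cutoff=None):
    """Convenience wrapper: parse an export and reconcile it in one call."""
    return reconcile(parse_log(text), cutoff)


if __name__ == "__main__":
    # Treat entries after noon as "still inside" rather than as findings.
    result = audit(SAMPLE_LOG, cutoff=datetime(2024, 3, 4, 12, 0))
    for kind, items in result.items():
        print(f"{kind}:")
        for item in items:
            print("   ", ", ".join(str(x) for x in item))
```

Without a `cutoff`, every unmatched entry is reported; with one, entries after that time are listed separately so a shift that simply had not ended when the log was exported is not mistaken for a missing exit. Run against a real export, the `open_entries` list is the evidence behind the auditor's observation, and the `double_entry` and `exit_without_entry` lists are the direct symptoms of tailgating that the mantrap is recommended to remove.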