Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information.
All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. The organization wants a more permanent solution to the threat to user credential compromise through phishing.
What technical solution would BEST address this issue?
A . Multi-factor authentication employing hard tokens
B . Forcing password changes every 90 days
C . Decreasing the number of employees with administrator privileges
D . Professional user education on phishing conducted by a reputable vendor
Answer: A