Which of the following statements is true regarding access controls in an IT environment?

The statement regarding the use of a blend of controls to achieve optimum security is correct because it recognizes the need for a multi-layered approach to access controls within an IT environment. Each type of control—logical, physical, and administrative—has its strengths and limitations. Relying solely on one category of access controls may leave the environment vulnerable to threats that could be mitigated by implementing a combination of controls.

Logical access controls focus on user authentication and authorization to manage access to digital resources. Physical access controls safeguard hardware and infrastructure by restricting physical entry to sensitive areas. Administrative controls encompass policies, procedures, and training that govern how access is managed and enforced within an organization.

When these controls are used together, they create a comprehensive defense strategy that strengthens the overall security posture. This layered approach ensures that if one control fails or is bypassed, the other controls can still provide protection, thereby reducing the risk of unauthorized access or security breaches. Therefore, utilizing a mix of controls is essential for effectively securing IT environments against a variety of threats.