Which of the following controls can be considered a preventive measure against unauthorized access?

Multi-factor authentication (MFA) is a robust preventive measure against unauthorized access because it requires users to provide multiple forms of verification before gaining access to systems or information. This typically involves something the user knows (like a password), something the user has (like a security token or mobile device), or something the user is (such as biometric data). By requiring more than one of these factors, MFA significantly reduces the chances of unauthorized users gaining access, as it is much more difficult for an attacker to compromise multiple authentication methods simultaneously.

Other controls, while important for overall security, function in different capacities. Single sign-on enhances user convenience by simplifying the authentication process but does not inherently add layers of security against unauthorized access. Network segmentation helps contain security breaches by separating systems and limiting access, but it’s primarily a means to mitigate damage rather than directly preventing access. Encryption secures data in storage and transit, making it unreadable without the appropriate keys, but it does not control user access actively. Therefore, among the options, MFA stands out as the most effective preventive control against unauthorized access.