ExpertMedium1 markMultiple Choice
CPA · Question 80 · Area II: Security
An auditor is reviewing the 'Termination' process. They find that while network access is revoked immediately, physical access cards are often collected weeks later. What is the risk?
An auditor is reviewing the 'Termination' process. They find that while network access is revoked immediately, physical access cards are often collected weeks later. What is the risk?
Answer options:
A.
The employee might log in remotely.
B.
Terminated employees could physically access the facility and cause damage or theft.
C.
Payroll might continue to pay them.
D.
They might access the VPN.
How to approach this question
Identify the specific risk of the failed control (Physical Card).
Full Answer
B.Terminated employees could physically access the facility and cause damage or theft.✓ Correct
Terminated employees could physically access the facility and cause damage or theft.
Revocation must be comprehensive (Logical + Physical).
Common mistakes
Focusing on logical access when the scenario specifies physical cards.
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll platform where clients access the software ...MediumQ02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...HardQ03During a walkthrough of the change management process, an auditor observes that developers have w...MediumQ04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...HardQ05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium