An auditor is testing the 'Termination' process. They find that a terminated employee's Active Directory account was disabled 5 days after their departure. The policy states 'Immediate' (within 24 hours). What is the risk?

Answer options:

Unauthorized access by the former employee or others using their credentials.

The employee might not get their final paycheck.

The system will run out of licenses.

The employee cannot apply for COBRA benefits.

How to approach this question

Identify the security risk of an active account with no owner.

Full Answer

A.Unauthorized access by the former employee or others using their credentials.✓ Correct

Failure to disable accounts immediately upon termination leaves a window of opportunity for the disgruntled former employee to access the system, steal data, or cause damage. It also allows others to potentially use the orphaned account.

Common mistakes

Focusing on HR/Payroll consequences rather than IT Security.

Question 69 All questions Question 71

Practice the full CPA ISC Practice Exam 3

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...Medium Q02During a review of a client's cloud governance structure, an auditor notes that the client uses a...Medium Q03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...Hard Q04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...Hard Q05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium

View all 82 questions →