ExpertHard1 markMultiple Choice
CPA · Question 39 · Area I: Information Systems
An auditor is reviewing the 'Logical Access' controls. They find that user accounts are not disabled immediately upon termination of employment. This control deficiency primarily increases the risk of:
An auditor is reviewing the 'Logical Access' controls. They find that user accounts are not disabled immediately upon termination of employment. This control deficiency primarily increases the risk of:
Answer options:
A.
SQL Injection attacks
B.
Unauthorized access by former employees
C.
Denial of Service attacks
D.
Hardware failure
How to approach this question
Link the control (disable account) to the risk (person logs in).
Full Answer
B.Unauthorized access by former employees✓ Correct
Unauthorized access by former employees
Failure to disable accounts upon termination allows former employees (who may be disgruntled) to access the system, steal data, or cause damage.
Common mistakes
Overthinking technical hacks; it's a simple access issue.
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard