An auditor is testing 'Logical Access'. They find that the 'Administrator' group contains 15 users, including 5 who left the company years ago. This violates which principle?

Answer options:

Encryption

Recertification / Access Review

Two-Factor Authentication

Input Validation

How to approach this question

The process of checking 'Do these people still need access?' is Recertification.

Full Answer

B.Recertification / Access Review✓ Correct

Recertification / Access Review

Access Recertification (or User Access Review) is the control where management reviews user access rights periodically to ensure they are still appropriate. This would have identified the terminated users.

Common mistakes

Confusing with Termination procedures (which failed, but the Review is the detective control that catches it).

Question 63 All questions Question 65

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →