An auditor is reviewing the logical access controls for a financial application. They notice that the 'Application Administrator' account is shared by three members of the IT support team. The password is stored in a password vault. What is the primary risk?

Answer options:

The password vault might be hacked.

Lack of non-repudiation / accountability.

The account has too many privileges.

The password will expire too frequently.

How to approach this question

Shared Account = No Accountability. You can't point the finger at the specific culprit.

Full Answer

B.Lack of non-repudiation / accountability.✓ Correct

Shared accounts violate the principle of individual accountability (non-repudiation). If an action is taken by the shared account, the logs will only show the generic username, making it impossible to attribute the action to a specific individual.

Common mistakes

Focusing on password strength rather than attribution.

Question 38 All questions Question 40

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →