An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:

A.
maintenance of access logs of usage of various system resources.

B.
authorization and authentication of the user prior to granting access to system resources.

C.
adequate protection of stored data on servers by encryption or other means.

D.
accountability system and the ability to identify any terminal accessing system resources.

Explanation:
The authorization and authentication of users is the most significant aspect in a telecommunications access
control review, as it is a preventive control. Weak controls at this level can affect all other aspects. The
maintenance of access logs of usage of system resources is a detective control. The adequate protection of
data being transmitted to and from servers by encryption or other means is a method of protecting information
during transmission and is not an access issue. The accountability system and the ability to identify any terminal
accessing system resources deal with controlling access through the identification of a terminal.