An IS auditor performing detailed network assessments and access control reviews should FIRST:

A.
determine the points of entry.

B.
evaluate users’ access authorization.

C.
assess users’ identification and authorization.

D.
evaluate the domain-controlling server configuration.

Explanation:
In performing detailed network assessments and access control reviews, an IS auditor should first
determine the points of entry to the system and review the points of entry accordingly for
appropriate controls. Evaluation of user access authorization, assessment of user identification and
authorization, and evaluation of the domain-controlling server configuration are all implementation
issues for appropriate controls for the points of entry.