PrepAway - Latest Free Exam Questions & Answers


During an IS audit, one of your auditors has observed that some of the critical servers in your organization can be accessed ONLY by using a shared/common user name and password. What should the auditor's PRIMARY concern be with this approach?

A. Password sharing

B. Accountability

C. Shared account management

D. Difficulty in auditing shared account

The keyword PRIMARY is used in the question. Accountability should be the primary concern if critical servers can be accessed only by using a shared user ID and password. It would be very difficult to track the changes made by an individual employee on a critical server.

For your exam you should know the information below:

Accountability

Ultimately one of the drivers behind strong identification, authentication, auditing and session management is accountability. Accountability is fundamentally about being able to determine who or what is responsible for an action and can be held responsible. A closely related information assurance topic is non-repudiation. Repudiation is the ability to deny an action, event, impact or result. Non-repudiation is the process of ensuring a user may not deny an action. Accountability relies heavily on non-repudiation to ensure users, processes and actions may be held responsible for impacts.

The following contribute to ensuring accountability of actions:

Strong identification

Strong authentication

User training and awareness

Comprehensive, timely and thorough monitoring

Accurate and consistent audit logs

Independent audits

Policies enforcing accountability

Organizational behavior supporting accountability

The following answers are incorrect:

The other options are also valid concerns, but the primary concern should be accountability.

The following reference(s) were used to create this question:

CISA review manual 2014 Page number 328 and 329

Official ISC2 guide to CISSP CBK 3rd Edition Page number 114

