During a logical access controls review, an IS auditor observes that user accounts are shared. The
GREATEST risk resulting from this situation is that:

A.
an unauthorized user may use the ID to gain access.

B.
user access management is time consuming.

C.
passwords are easily guessed.

D.
user accountability may not be established.

Explanation:

The use of a single user ID by more than one individual precludes knowing who in fact used that
ID to access a system; therefore, it is literally impossible to hold anyone accountable. All user IDs,
not just shared IDs, can be used by unauthorized individuals. Access management would not be
any different with shared IDs, and shared user IDs do not necessarily have easily guessed
passwords.