PrepAway - Latest Free Exam Questions & Answers

The IS auditor’s main concern should be that:

An IS auditor has identified the lack of an authorization process for users of an application. The IS
auditor’s main concern should be that:

PrepAway - Latest Free Exam Questions & Answers

A.
more than one individual can claim to be a specific user.

B.
there is no way to limit the functions assigned to users.

C.
user accounts can be shared.

D.
users have a need-to-know privilege.

Explanation:

Without an appropriate authorization process, it will be impossible to establish functional limits and
accountability. The risk that more than one individual can claim to be a specific user is associated
with the authentication processes, rather thanwith authorization. The risk that user accounts can
be shared is associated with identification processes, rather than with authorization. The need-toknow basis is the best approach to assigning privileges during the authorization process.


Leave a Reply