When reviewing an organization’s logical access security, which of the following should be of MOST
concern to an IS auditor?

A.
Passwords are not shared.

B.
Password files are not encrypted.

C.
Redundant logon IDs are deleted.

D.
The allocation of logon IDs is controlled.

Explanation:
When evaluating the technical aspects of logical security, unencrypted files represent the greatest
risk. The sharing of passwords, checking for the redundancy of logon IDs and proper logon ID
procedures are essential, but they are less important than ensuring that the password files are
encrypted.