Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IIA Exam IIA-CIA-Part3 Topic 9 Question 84 Discussion

Actual exam question for IIA's IIA-CIA-Part3 exam
Question #: 84
Topic #: 9
[All IIA-CIA-Part3 Questions]

During an audit of the payroll system, the internal auditor identifies and documents the following condition:

"Once a user is logged into the system, the user has access to all functionality within the system."

What is the most likely root cause for tins issue?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Rene at Jul 14, 2024, 08:32 AM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part3 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Maryrose
3 months ago
This is like a buffet of security vulnerabilities. All-you-can-access payroll system - what could go wrong?
upvoted 0 times
Albert
2 months ago
C) There was no periodic review to validate access rights.
upvoted 0 times
...
Tatum
2 months ago
B) The system authorization of the user does not correctly reflect the access rights intended.
upvoted 0 times
...
Jeff
2 months ago
A) The authentication process relies on a simple password only, which is a weak method of authorization.
upvoted 0 times
...
...
Leigha
3 months ago
Haha, the application owner must have been asleep at the wheel during the provisioning process. Gotta stay on top of those access requests!
upvoted 0 times
...
Lenora
3 months ago
A simple password-based authentication process is definitely a weak link. Stronger authentication methods like multi-factor should be implemented to improve security.
upvoted 0 times
Eleonora
2 months ago
D) The application owner apparently did not approve the access request during the provisioning process.
upvoted 0 times
...
Vicky
2 months ago
C) There was no periodic review to validate access rights.
upvoted 0 times
...
Dulce
2 months ago
B) The system authorization of the user does not correctly reflect the access rights intended.
upvoted 0 times
...
Gianna
2 months ago
A) The authentication process relies on a simple password only, which is a weak method of authorization.
upvoted 0 times
...
...
Albina
3 months ago
I think the lack of periodic access review is the real issue here. Even if the authorization is set up correctly initially, things can change over time and access needs to be regularly validated.
upvoted 0 times
Marget
3 months ago
B) The system authorization of the user does not correctly reflect the access rights intended.
upvoted 0 times
...
Geraldine
3 months ago
A) The authentication process relies on a simple password only, which is a weak method of authorization.
upvoted 0 times
...
...
Stephane
3 months ago
But what about option A? Weak password could also be a reason for this issue.
upvoted 0 times
...
Ngoc
3 months ago
The root cause is clearly the system authorization not correctly reflecting the intended access rights. This is a common issue when roles and permissions are not properly defined and maintained.
upvoted 0 times
...
Ruby
3 months ago
I agree with Cherri, the system authorization should reflect the access rights intended.
upvoted 0 times
...
Cherri
4 months ago
I think the most likely root cause is option B.
upvoted 0 times
...

Save Cancel