IIA Exam IIA-CIA-Part3 Topic 9 Question 84 Discussion

Actual exam question for IIA's IIA-CIA-Part3 exam

Question #: 84
Topic #: 9

[All IIA-CIA-Part3 Questions]

During an audit of the payroll system, the internal auditor identifies and documents the following condition:

"Once a user is logged into the system, the user has access to all functionality within the system."

What is the most likely root cause for tins issue?

AThe authentication process relies on a simple password only, which is a weak method of authorization.

BThe system authorization of the user does not correctly reflect the access rights intended.

CThere was no periodic review to validate access rights.

DThe application owner apparently did not approve the access request during the provisioning process.

Show Suggested Answer

Suggested Answer: D

by Rene at Jul 14, 2024, 08:32 AM

Limited Time Offer

25%

Off

Get Premium IIA-CIA-Part3 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Albina

1 days ago

I think the lack of periodic access review is the real issue here. Even if the authorization is set up correctly initially, things can change over time and access needs to be regularly validated.

upvoted 0 times

...

Stephane

5 days ago

But what about option A? Weak password could also be a reason for this issue.

upvoted 0 times

...

Ngoc

6 days ago

The root cause is clearly the system authorization not correctly reflecting the intended access rights. This is a common issue when roles and permissions are not properly defined and maintained.

upvoted 0 times

...

Ruby

10 days ago

I agree with Cherri, the system authorization should reflect the access rights intended.

upvoted 0 times

...

Cherri

13 days ago

I think the most likely root cause is option B.

upvoted 0 times

...