Medium · 1 mark · Multiple Choice
CPA · Question 72 · Area II: Security
An auditor is testing 'Logical Access'. They find a user with the role 'SuperAdmin'. This user is also the 'HR Manager'. What is the primary concern?
Answer options:
A. The user might delete HR records.
B. Excessive privileges / Violation of Least Privilege.
C. The user is not trained in IT.
D. HR Managers are often targets of phishing.
How to approach this question
Apply the principle of Least Privilege.
Full Answer
B. Excessive privileges / Violation of Least Privilege. ✓ Correct
Least Privilege dictates that users should only have the access necessary to perform their job functions.
Common mistakes
None usually.