Medium · 1 mark · Multiple Choice
CPA · Question 39 · Area II: Security
An auditor is reviewing the logical access controls for a financial application. They notice that the 'Application Administrator' account is shared by three members of the IT support team. The password is stored in a password vault. What is the primary risk?
Answer options:
A. The password vault might be hacked.
B. Lack of non-repudiation / accountability.
C. The account has too many privileges.
D. The password will expire too frequently.
How to approach this question
Shared Account = No Accountability. You can't point the finger at the specific culprit.
Full Answer
B. Lack of non-repudiation / accountability. ✓ Correct
Shared accounts violate the principle of individual accountability (non-repudiation). If an action is taken by the shared account, the logs will only show the generic username, making it impossible to attribute the action to a specific individual.
Common mistakes
Focusing on password strength rather than attribution.