ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 1793 discussion

Actual exam question from Isaca's CISA
Question #: 1793
Topic #: 1
[All CISA Questions]

A post-implementation audit has been completed for the deployment of a sophisticated job scheduling tool. Which of the following observations would be of GREATEST concern?

  • A. The IT team customized tool settings without seeking approval from the provider.
  • B. The overall project took longer to complete than planned.
  • C. The data encryption setting is not enabled in the scheduling tool.
  • D. The IT team accesses the scheduler admin panel via a generic account.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by blehbleh at Oct. 15, 2024, 5:33 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CCNPWILL
3 days, 10 hours ago
Selected Answer: D
Definitely D. accountability is circumvented because multiple users are sharing a single account. Not good. Dont know enough about how the tool functions to vote C. C would be a second choice.
upvoted 1 times
...
46080f2
1 month, 2 weeks ago
Selected Answer: D
Based on the CISA Official Review Manual 28th Edition, the observation of greatest concern is D. The IT team accesses the scheduler admin panel via a generic account. This finding aligns with the manual’s strong stance against shared privileged accounts, as evidenced by Section 5.3.14 and the self-assessment, due to its significant risks to accountability, integrity, and availability - crucial for a job scheduling tool’s operation.
upvoted 2 times
...
pLulu
5 months, 1 week ago
D. The IT team accesses the scheduler admin panel via a generic account. Using a generic account for accessing the scheduler admin panel poses significant security risks. It makes it difficult to track individual user actions, which can lead to accountability issues and complicate incident response. Additionally, it increases the risk of unauthorized access, as generic accounts are often less secure and more prone to misuse.
upvoted 1 times
...
blehbleh
6 months, 2 weeks ago
Selected Answer: C
I'm leaning toward C on this due to this being an audit certificate. One would think they would care most about security and encryption out of the options provided. Not to say that option A and D aren't concerns as well. Just C seems to be more concerning.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago