CISA Certified Information Systems Auditor – Question0318

An IS auditor is reviewing an organization’s primary router access control list. Which of the following should result in a finding?

A.
The network security group can change network address translation (NAT).
B. There are conflicting permit and deny rules for the IT group.
C. There is only one rule per group with access privileges.
D. Individual permissions are overriding group permissions.

Correct Answer: D