CISA Certified Information Systems Auditor – Question1416

To determine who has been given permission to use a particular system resource, an IS auditor should review:

A.
activity lists.
B. access control lists.
C. logon ID lists.
D. password lists.

Correct Answer: B

Explanation:

Explanation:
Access control lists are the authorization tables that document the users who have been given permission to use a particular system resource and the types of access they have been granted. The other choices would not document who has been given permission to use (access) specific system resources.