CISA Certified Information Systems Auditor – Question1536

An IS auditor performing detailed network assessments and access control reviews should FIRST:

A.
determine the points of entry.
B. evaluate users' access authorization.
C. assess users' identification and authorization.
D. evaluate the domain-controlling server configuration.

Correct Answer: A

Explanation:

Explanation:
In performing detailed network assessments and access control reviews, an IS auditor should first determine the points of entry to the system and review the points of entry accordingly for appropriate controls. Evaluation of user access authorization, assessment of user identification and authorization, and evaluation of the domain-controlling server configuration are all implementation issues for appropriate controls for the points of entry.