CISA Certified Information Systems Auditor – Question 3042

During the audit of a database server, which of the following would be considered the GREATEST exposure?

A. The password does not expire on the administrator account
B. Default global security settings for the database remain unchanged
C. Old data have not been purged
D. Database activity is not fully logged

Correct Answer: B

Explanation:
Default security settings for the database could allow issues such as blank user passwords or passwords that are the same as the username. Logging all database activity is not practical. Failure to purge old data may present a performance issue but is not an immediate security concern. Choice A is an exposure, but not as serious as B.