CISA Certified Information Systems Auditor – Question0996

An IS audit had identified that default passwords for a newly implemented application were not changed. During the follow-up audit, which of the following would provide the BEST evidence that the finding was effectively addressed?

A.
Written confirmation from management that the passwords were changed
B. Screenshots of system parameters requiring password changes on next login
C. Application log files that record the password changes
D. System-generated emails requiring application users to change passwords

Correct Answer: C