CISA Certified Information Systems Auditor – Question1169

A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:

A.
an incident involving unauthorized access to data cannot be tied to a specific user.
B. when multiple sessions with the same application ID collide, the database locks up.
C. users can gain direct access to the application ID and circumvent data controls.
D. the database becomes unavailable if the password of the application ID expires.

Correct Answer: C