CISA Certified Information Systems Auditor – Question1418

During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

A.
an unauthorized user may use the ID to gain access.
B. user access management is time consuming.
C. passwords are easily guessed.
D. user accountability may not be established.

Correct Answer: D

Explanation:

Explanation:
The use of a single user ID by more than one individual precludes knowing who in fact used that ID to access a system; therefore, it is literally impossible to hold anyone accountable. All user IDs, not just shared IDs, can be used by unauthorized individuals.
Access management would not be any different with shared IDs, and shared user IDs do not necessarily have easily guessed passwords.