CISA Exam QAE Domain 5

When reviewing an organization's logical access security to its remote systems, which of the following would be of GREATEST concern to an IS auditor? - ANSWER- Unencrypted passwords are used. When evaluating the technical aspects of logical security, unencrypted passwords represent the greatest risk because it would be assumed that remote access would be over an untrusted network where passwords could be discovered. Which of the following would be the BEST access control procedure? - ANSWER- The data owner formally authorizes access and an administrator implements the user authorization tables. The data owner holds the privilege and responsibility for formally establishing the access rights. An IS administrator should then implement or update user authorization tables at the direction of the owner. Which of the following types of transmission media provide the BEST security against unauthorized access? - ANSWER- Fiber-optic cables