Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 121
An internal auditor discusses user-defined default passwords with the database administrator. Such passwords will be reset as soon as the user logs in for the first time, but the initial value of the password is set as "123456." Which of the following are the auditor and the database administrator most likely discussing in this situation?
Answer options
- A. Whether it would be more secure to replace numeric values with characters.
- B. What happens in the situations where users continue using the initial password.
- C. What happens in the period between the creation of the account and the password change.
- D. Whether users should be trained on password management features and requirements.
Correct answer: C
Explanation
The correct answer is C because the discussion centers on the time gap between account creation and the mandatory password change: the password is reset as soon as the user first logs in, so the period of concern is the one in which the account still carries the initial value "123456". Options A and D concern password composition and user training, which are not directly relevant to the situation at hand. Option B, while related to user behavior, does not address the specific timing issue discussed.