Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 67

Which of the following describes the most appropriate set of tests for auditing a workstation's logical access controls?

Answer options

• A. Review the list of people with access badges to the room containing the workstation and a log of those who accessed the room.
• B. Review the password length, frequency of change, and list of users for the workstation's login process.
• C. Review the list of people who attempted to access the workstation and failed, as well as error messages.
• D. Review the passwords of those who attempted unsuccessfully to access the workstation and the log of their activity.

Correct answer: B

Explanation

The correct answer, B, focuses on critical aspects of the login process such as password length and change frequency, which are essential for securing access. Options A, C, and D do not evaluate the effectiveness of the login controls directly and instead focus on physical access or failed attempts, which are less relevant for assessing logical access controls.