Certified Information Systems Auditor (CISA) — Question 1179
Which of the following is the MOST significant risk when an application uses individual end-user accounts to access the underlying database?
Answer options
- A. Users may be able to circumvent application controls.
- B. Application may not capture a complete audit trail.
- C. User accounts may remain active after a termination.
- D. Multiple connects to the database are used and slow the process.
Correct answer: A
Explanation
The primary risk is that users can bypass the application's built-in security measures, leading to unauthorized access or manipulation of data. Because each end user holds an account that the database itself accepts, the user can reach the data directly, outside the application, where the application's controls do not apply. An incomplete audit trail, accounts that remain active after a termination, and multiple database connections can also pose risks, but they are not as critical as the potential for users to undermine application controls.