Certified Information Systems Auditor (CISA) — Question 1284
An externally facing system containing sensitive data is configured such that users have either read-only or administrator rights. Most users of the system have administrator access. Which of the following is the GREATEST risk associated with this situation?
Answer options
- A. Users can make unauthorized changes.
- B. Users can export application logs.
- C. Users can install open-licensed software.
- D. Users can view sensitive data.
Correct answer: A
Explanation
The greatest risk in this scenario is that users with administrator access can make unauthorized changes to the system, potentially compromising its integrity and security. While exporting logs, installing software, and viewing sensitive data are concerns, they do not pose as significant a risk as the potential for unauthorized modifications by users with elevated privileges.