Certified Information Systems Auditor (CISA) — Question 14

Following an internal audit of a database, management has committed to enhance password management controls. Which of the following provides the BEST evidence that management has remediated the audit finding?

Answer options

• A. Screenshots from end users showing updated password settings
• B. Interviews with management about remediation completion
• C. Change tickets of recent password configuration updates
• D. Observation of updated password settings with database administrators (DBAs)

Correct answer: D

Explanation

The correct answer is D because directly observing the updated password settings with database administrators provides firsthand evidence of the changes made. Other options, such as screenshots or interviews, may not provide conclusive proof of remediation, as they could be misleading or subjective.