Certified Information Systems Auditor (CISA) — Question 719
During a database management evaluation, an IS auditor discovers that some accounts with database administrator (DBA) privileges have been assigned a default password with an unlimited number of failed login attempts. Which of the following is the auditor's BEST course of action?
Answer options
- A. Postpone the audit until adequate security and password management practices are established.
- B. Document the finding and explain the risk of having administrator accounts with inappropriate security settings.
- C. Identify accounts that have had excessive failed login attempts and request they be disabled.
- D. Request the IT manager to change administrator security parameters and update the finding.
Correct answer: B
Explanation
The best course of action is to document the finding and explain the risk of administrator accounts with inappropriate security settings: a default password combined with unlimited failed login attempts leaves privileged accounts exposed. Postponing the audit, or requesting changes without first documenting the risk, does not address the vulnerabilities present. Identifying accounts with excessive failed login attempts is reactive rather than proactive and does not address the overarching security issue.