Free ISACA CISA Actual Exam Questions - Question 5 Discussion

Question No. 5
An externally facing system containing sensitive data is configured such that users have
either read-only or administrator rights. Most users of the system have administrator access.
Which of the following is the GREATEST risk associated with this situation?
Sohail X.
2026-02-04

B/C? While unauthorized changes (C) are a big concern, the fact that most users have admin rights means lots of people can see sensitive data (B) they might not normally access. That could lead to data leaks or misuse. Exporting logs or installing software seem less risky compared to just having too many people able to see or alter sensitive info. But I get why C is popular since admins have broad control.

0
Amir T.
2026-01-22

If most users have admin rights, the big risk is that someone could accidentally or intentionally mess with system settings or data, which points to C. Exporting logs (A) or installing open software (D) seems less critical because logs don't change data and open software might not be allowed anyway. Viewing sensitive data (B) is a concern, but if users already have access, the risk isn't increased by their admin status. So, does having widespread admin rights mainly increase the chance of unauthorized changes, or is there something else we should consider?

0
Mohammad A.
2026-01-15

C

0