Question

You are conducting an it audit, and you need to see the list of accounts that have administrative access to a particular system. however, you are concerned that the list you receive from the sysadmin might not be accurate or complete. what can you do to best compensate for that risk?

A Ask the sysadmin's boss to supply the list
B Observe the sysadmin pulling up the list in person or via a remote Session
C. Ask the sysadmin to allow you to pull up the list yourself since only Read' access is required to do so
D Ask the sysadmin to email the list and sign off on it

Answer 1

To ensure the integrity of an IT audit, observing the sysadmin retrieving the list of administrative accounts or gaining 'Read' access to do it yourself are the most reliable methods to mitigate risks of inaccuracies.

Step-by-step explanation:

When conducting an IT audit and validating the list of accounts with administrative access to a system, it is important to mitigate the risk of receiving an incomplete or inaccurate list. An effective approach would be B: Observe the sysadmin pulling up the list in person or via a remote session. This option allows you to directly witness the process and verify the accuracy of the data in real-time.

Alternatively, C: Asking the sysadmin to allow you to pull up the list yourself can also be a suitable option since only 'Read' access is needed, giving you direct control over the verification process. Lastly, D: Asking the sysadmin to email the list and sign off on it can hold them accountable but does not fully mitigate the risk of inaccuracy. Ensuring transparency and accuracy in this process is crucial for the integrity of the audit.