medium
Single Answer
0Leonidas's organization wants to ensure that proper account management is occurring but does not have a central identity and access management tool in place. Leonidas has a limited amount of time to do his verification process. What is his best option to test the account management process as part of an internal audit?
Answer Options
A
Validate all accounts changed in the past 90 days.
B
Select high-value administrative accounts for validation.
C
Validate all account changes in the past 180 days.
D
Validate a random sample of accounts.
Correct Answer: D
Explanation
Random sampling of accounts is the recommended best practice if all accounts cannot be validated. Selecting only recently changed accounts will not identify long-term issues or historic issues, and checking only high-value accounts will not show if there are issues or bad practices with other account types.