

An IS auditor reviewing database controls discovered that
changes to the database during normal working hours were
handled through a standard set of procedures. However,
changes made after normal hours required only an abbreviated
number of steps. In this situation, which of the following
would be considered an adequate set of compensating controls?

A. Allow changes to be made only with the DBA user account.

B. Make changes to the database after granting access to a
normal user account.

C. Use the DBA user account to make changes, log the changes
and review the change log the following day.

D. Use the normal user account to make changes, log the
changes and review the change log the following day.




Answer / guest

Answer: C

The use of a database administrator (DBA) user account
normally is (should be) set up to log all changes made and
is most appropriate for changes made outside of normal
hours. The use of a log, which records the changes, allows
changes to be reviewed. The use of the DBA user account
without logging would permit uncontrolled changes to be made
to databases once access to the account was obtained. The
use of a normal user account with no restrictions would
allow uncontrolled changes to any of the databases. Logging
would only provide information on changes made, but would
not limit changes to only those that were authorized. Hence,
logging coupled with review form an appropriate set of
compensating controls.


More CISA Certification Interview Questions

A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node



Which of the following should be the FIRST step of an IS audit? A. Create a flowchart of the decision branches. B. Gain an understanding of the environment under review. C. Perform a risk assessment. D. Develop the audit plan.



Which of the following database administrator (DBA) activities is unlikely to be recorded on detective control logs? A. Deletion of a record B. Change of a password C. Disclosure of a password D. Changes to access rights



Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same? A. A substantive test of program library controls B. A compliance test of program library controls C. A compliance test of the program compiler controls D. A substantive test of the program compiler controls



An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.



Which of the following is a function of an IS steering committee? A. Monitoring vendor controlled change control and testing B. Ensuring a separation of duties within the information's processing environment C. Approving and monitoring major projects, the status of IS plans and budgets D. Responsible for liaison between the IS department and the end users



Which of the following would contribute MOST to an effective business continuity plan (BCP)? The BCP: A. document was circulated to all interested parties. B. planning involved all user departments. C. was approved by senior management. D. was audited by an external IS auditor.



In planning an audit, the MOST critical step is the identification of the:



A key element in a risk analysis is/are: A. audit planning. B. controls. C. vulnerabilities. D. liabilities.



E-cash is a form of electronic money that: A. can be used over any computer network. B. utilizes reusable e-cash coins to make payments. C. does not require the use of an Internet digital bank. D. contains unique serial numbering to track the identity of the buyer.



In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications



Which of the following pairs of functions should not be combined to provide proper segregation of duties? A. Tape librarian and computer operator B. Application programming and data entry C. Systems analyst and database administrator D. Security administrator and quality assurance


