Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor reviewing database controls discovered that
changes to the database during normal working hours were
handled through a standard set of procedures. However,
changes made after normal hours required only an abbreviated
number of steps. In this situation, which of the following
would be considered an adequate set of compensating controls?
A. Allow changes to be made only with the DBA user account.
B. Make changes to the database after granting access to a
normal user account
C. Use the DBA user account to make changes, log the changes
and review the change log the following day.
D. Use the normal user account to make changes, log the
changes and review the change log the following day.
- 1 Answers
- 8027 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The use of a database administrator (DBA) user account
normally is (should be) set up to log all changes made and
is most appropriate for changes made outside of normal
hours. The use of a log, which records the changes, allows
changes to be reviewed. The use of the DBA user account
without logging would permit uncontrolled changes to be made
to databases once access to the account was obtained. The
use of a normal user account with no restrictions would
allow uncontrolled changes to any of the databases. Logging
would only provide information on changes made, but would
not limit changes to only those that were authorized. Hence,
logging coupled with review form an appropriate set of
compensating controls.
| Is This Answer Correct ? | 4 Yes | 1 No |
During which of the following phases in systems development would user acceptance test plans normally be prepared? A. Feasibility study B. Requirements definition C. Implementation planning D. Post-implementation review
Which of the following offsite information processing facility conditions would cause an IS auditor the GREATEST concern? The facility A. is identified clearly on the outside with the company name. B. is located more than an hour driving distance from the originating site. C. does not have any windows to let in natural sunlight. D. entrance is located in the back of the building rather than the front.
The PRIMARY objective of a business continuity and disaster recovery plan should be to: A. safeguard critical IS assets. B. provide for continuity of operations. C. minimize the loss to an organization. D. protect human life.
Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to: A. ensure the employee maintains a quality of life, which will lead to greater productivity. B. reduce the opportunity for an employee to commit an improper or illegal act. C. provide proper cross training for another employee. D. eliminate the potential disruption caused when an employee takes vacation one day at a time.
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks? A. Spool B. Cluster controller C. Protocol converter D. Front end processor
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when: A. connecting points are available in the facility to connect laptops to the network. B. users take precautions to keep their passwords confidential. C. terminals with password protection are located in unsecured locations. D. terminals are located within the facility in small clusters under the supervision of an administrator.
The BEST time to perform a control self-assessment involving line management, line staff and the audit department is at the time of: A. compliance testing. B. the preliminary survey. C. substantive testing. D. the preparation of the audit report.
Which of the following business recovery strategies would require the least expenditure of funds? A. Warm site facility B. Empty shell facility C. Hot site subscription D. Reciprocal agreement
Which of the following steps would an IS auditor normally perform FIRST in a data center security review? A. Evaluate physical access test results. B. Determine the risks/threats to the data center site. C. Review business continuity procedures. D. Test for evidence of physical access at suspect locations.
Which of the following is an objective of a control self-assessment (CSA) program? A. Audit responsibility enhancement B. Problem identification C. Solution brainstorming D. Substitution for an audit
Cisco Certifications 
