Certified Information Systems Auditor (CISA) Question: Download Questions PDF
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?
Answer:
1. Allow changes to be made only with the DBA user account.
2. Make changes to the database after granting access to a normal user account
3. Use the DBA user account to make changes, log the changes and review the change log the following day.
4. Use the normal user account to make changes, log the changes and review the change log the following day.
Answer: 3
2. Make changes to the database after granting access to a normal user account
3. Use the DBA user account to make changes, log the changes and review the change log the following day.
4. Use the normal user account to make changes, log the changes and review the change log the following day.
Answer: 3
Download CISA Interview Questions And Answers
PDF