An IS auditor reviewing database controls discovered that
changes to the database during normal working hours were
handled through a standard set of procedures. However,
changes made after normal hours required only an abbreviated
number of steps. In this situation, which of the following
would be considered an adequate set of compensating controls?
A. Allow changes to be made only with the DBA user account.
B. Make changes to the database after granting access to a
normal user account.
C. Use the DBA user account to make changes, log the changes
and review the change log the following day.
D. Use the normal user account to make changes, log the
changes and review the change log the following day.
Answer / guest
Answer: C
A database administrator (DBA) user account
normally is (should be) set up to log all changes made and
is most appropriate for changes made outside of normal
hours. The use of a log, which records the changes, allows
changes to be reviewed. The use of the DBA user account
without logging would permit uncontrolled changes to be made
to databases once access to the account was obtained. The
use of a normal user account with no restrictions would
allow uncontrolled changes to any of the databases. Logging
would only provide information on changes made, but would
not limit changes to only those that were authorized. Hence,
logging coupled with review forms an appropriate set of
compensating controls.
| Is This Answer Correct ? | 4 Yes | 1 No |
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.
A data warehouse is: A. object orientated. B. subject orientated. C. departmental specific. D. a volatile database.
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.
Which of the following provides the framework for designing and developing logical access controls? A. Information systems security policy B. Access control lists C. Password management D. System configuration files
In which of the following network configurations would problem resolution be the easiest? A. Bus B. Ring C. Star D. Mesh
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls.
A request for a change to a report format in a module (subsystem) was made. After making the required changes, the programmer should carry out: A. unit testing. B. unit and module testing. C. unit, module and regression testing. D. module testing.
With the help of the security officer, granting access to data is the responsibility of: A. data owners. B. programmers. C. system analysts. D. librarians.
If the decision has been made to acquire software rather than develop it internally, this decision is normally made during the: A. requirements definition phase of the project. B. feasibility study phase of the project. C. detailed design phase of the project. D. programming phase of the project.
When using public key encryption to secure data being transmitted across a network: A. both the key used to encrypt and decrypt the data are public. B. the key used to encrypt is private, but the key used to decrypt the data is public. C. the key used to encrypt is public, but the key used to decrypt the data is private. D. both the key used to encrypt and decrypt the data are private.
Which of the following is the most important element in the design of a data warehouse? A. Quality of the metadata B. Speed of the transactions C. Volatility of the data D. Vulnerability of the system