An IS auditor reviewing database controls discovered that
changes to the database during normal working hours were
handled through a standard set of procedures. However,
changes made after normal hours required only an abbreviated
number of steps. In this situation, which of the following
would be considered an adequate set of compensating controls?
A. Allow changes to be made only with the DBA user account.
B. Make changes to the database after granting access to a
normal user account
C. Use the DBA user account to make changes, log the changes
and review the change log the following day.
D. Use the normal user account to make changes, log the
changes and review the change log the following day.
- 1 Answers
- 7326 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The use of a database administrator (DBA) user account
normally is (should be) set up to log all changes made and
is most appropriate for changes made outside of normal
hours. The use of a log, which records the changes, allows
changes to be reviewed. The use of the DBA user account
without logging would permit uncontrolled changes to be made
to databases once access to the account was obtained. The
use of a normal user account with no restrictions would
allow uncontrolled changes to any of the databases. Logging
would only provide information on changes made, but would
not limit changes to only those that were authorized. Hence,
logging coupled with review form an appropriate set of
compensating controls.
| Is This Answer Correct ? | 4 Yes | 1 No |
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different.
In a LAN environment, which of the following minimizes the risk of data corruption during transmission? A. Using end-to-end encryption for data communication B. Using separate conduits for electrical and data cables C. Using check sums for checking the corruption of data D. Connecting the terminals using a star topology
Functionality is a characteristic associated with evaluating the quality of software products throughout their lifecycle, and is BEST described as the set of attributes that bear on the: A. existence of a set of functions and their specified properties. B. ability of the software to be transferred from one environment to another. C. capability of software to maintain its level of performance under stated conditions. D. relationship between the performance of the software and the amount of resources used.
When implementing and application software package, which of the following presents the GREATEST risk? A. Uncontrolled multiple software versions B. Source programs that are not synchronized with object code C. Incorrectly set parameters D. Programming errors
Authentication is the process by which the: A. system verifies that the user is entitled to input the transaction requested. B. system verifies the identity of the user. C. user identifies himself to the system. D. user indicates to the system that the transaction was processed correctly.
A company disposing of personal computers that once were used to store confidential data should first: A. demagnetize the hard disk. B. low-level format the hard disk. C. delete all data contained on the hard disk. D. defragment the data contained on the hard disk.
A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and: A. dials back to the user machine based on the user id and password using a telephone number from its database. B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection. C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database. D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level
Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
Which of the following groups should assume ownership of a systems development project and the resulting system? A. User management B. Senior management C. Project steering committee D. Systems development management
The application test plans are developed in which of the following systems development life cycle (SDLC) phases? A. Design B. Testing C. Requirement D. Development
Cisco Certifications 
