An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the
IS auditor recommend to avoid this situation?

A.
Log all table update transactions.

B.
implement before-and-after image reporting.

C.
Use tracing and tagging.

D.
implement integrity constraints in the database.

Explanation:
Implementing integrity constraints in the database is a preventive control, because data is checked against
predefined tables or rules preventing any undefined data from being entered. Logging all table update
transactions and implementing before-and-after image reporting are detective controls that would not avoid the
situation. Tracing and tagging are used to test application systems and controls and could not prevent out-ofrange data.