PrepAway - Latest Free Exam Questions & Answers

which of the following would be considered an adequate …

An IS auditor reviewing database controls discovered that changes to the database during normal working
hours were handled through a standard set of procedures. However, changes made after normal hours
required only an abbreviated number of steps. In this situation, which of the following would be considered an
adequate set of compensating controls?

A. Allow changes to be made only with the DBA user account.

B. Make changes to the database after granting access to a normal user account.

C. Use the DBA user account to make changes, log the changes and review the change log the following day.

D. Use the normal user account to make changes, log the changes and review the change log the following day.

Explanation:
A database administrator (DBA) user account is normally set up to log all changes made and is the most
appropriate account for changes made outside of normal hours. A log that records the changes allows them
to be reviewed. Using the DBA user account without logging would permit uncontrolled changes
to be made to databases once access to the account was obtained. Using a normal user account with no
restrictions would allow uncontrolled changes to any of the databases. Logging would only provide information
on changes made; it would not limit changes to only those that were authorized. Hence, logging coupled with
review forms an appropriate set of compensating controls.
