In a small organization, developers may release emergency changes directly to production. Which
of the following will BEST control the risk in this situation?

An IS auditor notes that patches for the operating system used by an organization are deployed by
the IT department as advised by the vendor. The MOST significant concern an IS auditor should
have with this practice is the nonconsideration bylT of:

Which of the following processes should an IS auditor recommend to assist in the recording of
baselines for software releases?

An IS auditor discovers that developers have operator access to the command line of a production
environment operating system. Which of the following controls wou Id BEST mitigate the risk of
undetected and unauthorized program changes to the production environment?

The application systems of an organization using open-source software have no single recognized
developer producing patches. Which of the following would be the MOST secure way of updating
open-source software?

To determine if unauthorized changes have been made to production code the BEST audit
procedure is to:

When reviewing procedures for emergency changes to programs, the IS auditor should verify that
the procedures:

An organization has recently installed a security patch, which crashed the production server. To
minimize the probability of this occurring again, an IS auditor should:

An IS auditor should recommend the use of library control software to provide reasonable
assurance that:

The purpose of code signing is to provide assurance that: