An IS auditor reviewing a database application discovers that the current configuration does not
match the originally designed structure. Which of the following should be the IS auditor’s next
action?

A programmer maliciously modified a production program to change data and then restored the
original code. Which of the following would MOST effectively detect the malicious activity?

The purpose of code signing is to provide assurance that:

An IS auditor should recommend the use of library control software to provide reasonable
assurance that:

An organization has recently installed a security patch, which crashed the production server. To
minimize the probability of this occurring again, an IS auditor should:

When reviewing procedures for emergency changes to programs, the IS auditor should verify that
the procedures:

To determine if unauthorized changes have been made to production code the BEST audit

procedure is to:

The application systems of an organization using open-source software have no single recognized
developer producing patches. Which of the following would be the MOST secure way of updating
open-source software?

An IS auditor discovers that developers have operator access to the command line of a
production environment operating system. Which of the following controls wou Id BEST mitigate
the risk of undetected and unauthorized program changes to the production environment?

Which of the following processes should an IS auditor recommend to assist in the
recording of baselines for software releases?