When performing an audit of access rights, an IS auditor should be suspicious of which of the following if
allocated to a computer operator?

A.
Read access to data

B.
Delete access to transaction data files

C.
Logged read/execute access to programs

D.
Update access to job control language/script files

Explanation:
Deletion of transaction data files should be a function of the application support team, not operations staff.
Read access to production data is a normal requirement of a computer operator, as is logged access to
programs and access to JCL to control job execution.