Exam CISM topic 1 question 252 discussion

Answer is C. Github is a 'program library software'. It has version control that can be audited.

B. Code Review is an indepth process that includes document changes and code version control.

B. Code Review seems to be apt.

Question talks about 'audit trails', this to me removes code review as an option. Answer should be C

C. program library software. Program library software, often referred to as version control or source code management systems (e.g., Git, Subversion), is designed specifically to track changes to source code and object code. These tools allow developers to commit their code changes, provide comments about the changes made, and maintain a history of revisions. This makes it easier to review, roll back to previous versions, and track who made specific changes to the code, providing a comprehensive audit trail.

Code review has nothing to to with audit trails

B for sure

The question is about tracking audit trails, it has nothing to do with code review. The answer should be change management, hence - D

According to CISM Review Manual, 27th Edition, in Domain 3 (Information Security Program Development and Management) and Domain 4 (Information Security Incident Management), it is indicated that software library controls or configuration management systems are used to store and manage source and object codes.

B. code review.

B. code review. Code review is a process where software developers or designated reviewers systematically examine and evaluate the source code to identify issues, defects, or opportunities for improvement. During code review, changes made to the code can be documented and tracked, providing an audit trail of the modifications. This helps in maintaining version control, identifying the author of changes, and ensuring accountability and transparency in the software development process.

Audit trails of changes to source code and object code are BEST tracked through code review.

The best answer is B: Code Review as it forces someone to review the previous code and the new code to make a judgment call as to whether to approve the change or not. Rationale: A. Compiler creates code but doesn't keep track of code B. code review: This is the correct answer. C. program library software is a collection of code, but again doesn't keep track of code changes D. job control statements control the execution of a job for a mainframe. So that's not really relevant here.

Program library software can help manage collections of code, but it is not specifically designed to track changes to code over time so not sure if correct but out of given answers comes close