To determine whether programmers have permission to alter data in the production environment, the most direct and effective method is to review the actual access rights granted to their accounts. This reveals:
Who has access
What level of access they have (e.g., read, write, modify)
Whether access is appropriate or violates segregation of duties (SoD)
Why not the others?
A. The access control system's configuration
This tells how access is managed in general, but not who currently has what access.
B. How the latest system changes were implemented
This may provide insight into past behavior, but it's not a comprehensive or ongoing view of access rights.
D. The access control system's log settings
Log settings tell you what is being recorded, not who currently has access.
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Greens
2 days, 10 hours ago52cb16c
3 months, 1 week agoPurpleParrot
8 months, 3 weeks agoa84n
1 year, 1 month agoChangwha
1 year, 11 months ago