Exam CISM topic 1 question 531 discussion

Actual exam question from Isaca's CISM
Question #: 531
Topic #: 1

A small organization with limited budget hires a new information security manager who finds the same IT staff member is assigned the responsibility of system administrator, security administrator, database administrator, and application administrator. What is the manager's BEST course of action?

  • A. Formally document IT administrator activities.
  • B. Automate user provisioning activities.
  • C. Maintain strict control over user provisioning activities.
  • D. Implement monitoring of IT administrator activities.
Suggested Answer: D

Comments

CISSPST
10 months ago
Selected Answer: D
Where segregation of duties cannot be implemented to deter and prevent malicious actions due to budgetary constraints, monitoring is the best way, as it allows deterrence and detection. Monitoring is more proactive than documenting. User provisioning is not the only security concern with regard to this arrangement.
upvoted 2 times
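The comment above argues that monitoring is the compensating control when one person holds the system, security, database and application administrator roles. The script below is an added example, not code from the page or from ISACA, of what such monitoring looks like in practice: it parses sudo audit records, tags each privileged command with the administrative domain it belongs to, and raises findings that someone other than the administrator (the information security manager, or an outsourced reviewer) follows up. The log lines, host name, account names and binary paths are constructed for the example; the syslog year and the business-hours range are assumptions.

```python
"""Compensating-control monitoring for one admin holding conflicting roles.

Added example (not from the page): parse sudo audit lines, map each privileged
command to an administrative domain, and raise findings for independent review.
"""
import re
from datetime import datetime, timedelta

# Constructed sample sudo syslog lines; host, users, paths and commands are invented.
SAMPLE_LOG = """\
Jan 10 09:12:03 srv1 sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/usr/sbin/useradd -m svc_report
Jan 10 09:13:40 srv1 sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc_report
Jan 10 09:20:11 srv1 sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=postgres ; COMMAND=/usr/bin/psql -c GRANT ALL ON DATABASE billing TO svc_report
Jan 10 14:02:55 srv1 sudo:     jdoe : TTY=pts/1 ; PWD=/opt/app ; USER=root ; COMMAND=/opt/app/bin/deploy release-2.3
Jan 10 23:41:07 srv1 sudo:     jdoe : TTY=pts/2 ; PWD=/home/jdoe ; USER=root ; COMMAND=/usr/sbin/auditctl -D
"""

SUDO_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sudo:\s+(?P<user>\S+) : "
    r".*?USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$"
)

# Which of the four conflicting roles a command belongs to (assumed binary paths).
DOMAINS = {
    "system": ("/usr/sbin/useradd", "/usr/sbin/usermod", "/usr/bin/systemctl"),
    "security": ("/usr/sbin/auditctl", "/usr/sbin/visudo", "/usr/bin/passwd"),
    "database": ("/usr/bin/psql", "/usr/bin/mysql"),
    "application": ("/opt/app/bin/deploy",),
}
BUSINESS_HOURS = range(7, 19)      # 07:00-18:59 local time, assumed
PAIRING_WINDOW = timedelta(minutes=30)


def classify(cmd):
    """Return the administrative domain of a sudo command, or 'other'."""
    binary = cmd.split()[0]
    for domain, binaries in DOMAINS.items():
        if binary in binaries:
            return domain
    return "other"


def parse_log(text, year=2024):
    """Parse sudo records into dicts; syslog carries no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue               # not a sudo record, skip
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "user": m["user"], "runas": m["runas"],
                       "cmd": m["cmd"], "domain": classify(m["cmd"])})
    return events


def analyse(events):
    """Return (severity, reason, event) findings for a reviewer who is not the admin."""
    findings = []
    created = {}                   # account name -> (creator, creation time)
    for e in events:
        cmd = e["cmd"]
        # Touching the audit subsystem is the one action that can blind the monitoring itself.
        if cmd.startswith("/usr/sbin/auditctl"):
            findings.append(("high", "audit configuration changed (monitoring tampering)", e))
        if e["ts"].hour not in BUSINESS_HOURS:
            findings.append(("medium", "privileged command outside business hours", e))
        if cmd.startswith("/usr/sbin/useradd"):
            created[cmd.split()[-1]] = (e["user"], e["ts"])
        # Creating an account and then privileging it is exactly what SoD would split
        # between two people; with one admin, the pairing has to be flagged instead.
        grants_privilege = " -aG sudo " in cmd + " " or "GRANT" in cmd
        if grants_privilege:
            for account, (creator, when) in created.items():
                if account in cmd and creator == e["user"] and e["ts"] - when <= PAIRING_WINDOW:
                    findings.append(("high", f"{account} created and privileged by the same admin within 30 min", e))
    return findings


def domains_per_user(events):
    """Roles actually exercised by each account: makes the SoD conflict visible."""
    seen = {}
    for e in events:
        seen.setdefault(e["user"], set()).add(e["domain"])
    return seen


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for sev, reason, e in analyse(evs):
        print(f"[{sev.upper()}] {e['ts']:%Y-%m-%d %H:%M} {e['user']} -> {e['runas']}: {reason}")
        print(f"    {e['cmd']}")
    for user, doms in domains_per_user(evs).items():
        print(f"{user} acted as: {', '.join(sorted(doms))}")
```

On the constructed input this raises three high findings (the service account is created, added to sudo and granted database rights by the same person within minutes, and audit rules are cleared) and one medium finding (the auditctl call at 23:41). The point for the scenario in the question is the last function: the review output itself documents that a single account exercises all four roles, which is what the manager needs on record while the budget does not allow splitting them. The log source must be shipped to a host the administrator cannot write to, otherwise the same person can edit the evidence.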
oluchecpoint
10 months, 2 weeks ago
Selected Answer: D
D. Implement monitoring of IT administrator activities: This is the most appropriate initial step in this scenario. By monitoring IT administrator activities, the security manager can gain insights into how the responsibilities are being managed and whether there are any security risks or conflicts of interest in these roles. It allows the manager to identify any potential issues and develop a more comprehensive plan for addressing them.
upvoted 2 times
richck102
1 year ago
D. Implement monitoring of IT administrator activities.
upvoted 2 times
Souvik124
1 year, 5 months ago
The BEST course of action for the information security manager in this scenario is to implement monitoring of IT administrator activities.
upvoted 2 times
rbg8
1 year, 1 month ago
I would pick A over D. It says with a small budget. Who is going to monitor and follow up on suspect activities? Exactly: there is no budget. So the ISM has to define the roles and responsibilities.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other