ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 250 discussion

Actual exam question from Isaca's CISA
Question #: 250
Topic #: 1
[All CISA Questions]

Code changes are compiled and placed in a change folder by the developer. An implementation team migrates changes to production from the change folder.
Which of the following BEST indicates separation of duties is in place during the migration process?

  • A. A second individual performs code review before the change is released to production.
  • B. The implementation team does not have access to change the source code.
  • C. The implementation team does not have experience writing code.
  • D. The developer approves changes prior to moving them to the change folder.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by 3008 at June 11, 2023, 9:16 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
1Naa
6 months, 2 weeks ago
Selected Answer: B
This prevents conflicts of interest, reduces the risk of unauthorized changes, and safeguards against errors or malicious activities that could compromise system integrity and security.
upvoted 1 times
...
SamT
9 months ago
B : Here separation of duties are between developer team vs operation team. To implement any changes in the production environment should be under production support team & should not be implemented by developers.
upvoted 2 times
...
topikal
1 year ago
Selected Answer: B
correct answer is B, code review is not related to SoD
upvoted 2 times
...
a84n
1 year, 2 months ago
Selected Answer: A
Q: BEST indicates separation of duties is in place during the migration process Answer: A
upvoted 1 times
...
Swallows
1 year, 2 months ago
Selected Answer: B
The implementation team does not have access to the source code, so the compiled data by the developer cannot be modified by the implementation team.
upvoted 2 times
Swallows
11 months, 3 weeks ago
The implementation team's lack of access to modify source code shows one aspect of the separation of duties in place, but it is not a complete proof of separation of duties. Simply not having access does not ensure that other processes (e.g. code reviews and approval processes) are in place. Separation of duties is not just about having separate roles, but also includes checks between each role, which makes it even more important that code reviews are performed.
upvoted 2 times
...
...
AB1237
1 year, 10 months ago
Selected Answer: A
Answer is A, because if its is B - the implementation team does not have access to change the source code, is a control, but it does not necessarily indicate separation of duties. It focuses on restricting access rather than involving a separate individual in the review process.
upvoted 1 times
ChaBum
1 year, 4 months ago
cannot be A because it describes 4 eyes principle, and not separation of duties.
upvoted 1 times
...
...
BA27
1 year, 10 months ago
A. A second individual performs code review before the change is released to production
upvoted 1 times
BA27
1 year, 10 months ago
Apologies. Correct is B
upvoted 2 times
...
...
Ray81
1 year, 11 months ago
Selected Answer: B
that's SOD
upvoted 2 times
...
hoho
2 years ago
I am B, it better to describe SoD
upvoted 1 times
...
3008
2 years ago
Selected Answer: A
A IS ANSWER
upvoted 1 times
3008
1 year, 6 months ago
Option D, where the developer approves changes prior to moving them to the change folder, is not an effective way of implementing separation of duties since it does not involve a separate individual verifying the code changes. This approach can lead to situations where the developer approves their own changes, increasing the risk of errors or malicious activity going undetected. Option C, where the implementation team does not have experience writing code, is not an effective separation of duties measure since it does not address the need for an independent verification of the code changes. Option B where the implementation team does not have access to change the source code, is not an effective separation of duties measure either since it does not address the need for an independent verification of the code changes.
upvoted 1 times
3008
1 year, 6 months ago
In contrast, option A involves a separate individual performing a code review to ensure that the changes are properly documented, tested, and meet the required coding standards. This approach helps ensure that code changes are thoroughly vetted and tested before being implemented in production, reducing the risk of errors, fraud, or malicious activity.
upvoted 1 times
...
...
3008
2 years ago
A IS NOT ANSWER
upvoted 1 times
Idkanything
1 year, 7 months ago
Why change your answer?
upvoted 1 times
3008
1 year, 6 months ago
sorry A is correct.. my mistake.
upvoted 1 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel