ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 279 discussion

Actual exam question from Isaca's CISA
Question #: 279
Topic #: 1
[All CISA Questions]

In an IT organization where many responsibilities are shared, which of the following is the BEST control for detecting unauthorized data changes?

  • A. Users are required to periodically rotate responsibilities.
  • B. Segregation of duties conflicts are periodically reviewed.
  • C. Data changes are logged in an outside application.
  • D. Data changes are independently reviewed by another group.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Changwha at July 16, 2023, 3:58 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dan08
Highly Voted 4 months, 3 weeks ago
Selected Answer: D
Option D directly addresses the detection of unauthorized data changes by having a separate group or individual review the changes independently. This independent review can help identify discrepancies or anomalies that may indicate unauthorized access or alterations to data, providing an effective control for detecting unauthorized changes. Option C poses a Self-review threat since it is responsibility that is shared, not simply access.
upvoted 5 times
...
46080f2
Most Recent 1 month, 1 week ago
Selected Answer: D
One might be tempted to choose C. But C. is not a control, i.e. logging per se is not yet a control. It only becomes part of a control with the review, but the actual control here is the review. So the correct answer is D. Data changes are independently reviewed by another group.
upvoted 2 times
...
blues_lee
5 months, 2 weeks ago
Selected Answer: C
Data are logged into another application to be reviewed. If it’s independently reviewed by another group, logs can be tampered with. C is the answer
upvoted 1 times
ChaBum
4 months, 1 week ago
if logs are store in an immutable storage, reviewing them won't bring any risk of being tampered
upvoted 1 times
...
...
Rachy
5 months, 4 weeks ago
Selected Answer: C
Data are logged into another application to be reviewed. If it’s independently reviewed by another group, logs can be tampered with. C is the answer
upvoted 1 times
ChaBum
4 months, 1 week ago
if logs are store in an immutable storage, reviewing them won't bring any risk of being tampered
upvoted 1 times
...
...
Changwha
12 months ago
D. Data changes are independently reviewed by another group.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago