Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam

Exam CISA topic 1 question 1576 discussion

Actual exam question from Isaca's CISA
Question #: 1576
Topic #: 1
[All CISA Questions]

A business area received an audit finding because an administrator made unapproved emergency changes to a critical system. Which of the following would BEST prevent unapproved changes in the future?

  • A. Two-factor authentication on emergency access accounts
  • B. Updated emergency change management procedures
  • C. Regular emergency change-control log reviews
  • D. Dual-control temporary emergency access accounts
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
blehbleh
4 weeks ago
Selected Answer: B
I vote B, you need clearly defined procedures. I understand D as an extra control. But if there are still no procedures in place that explain how something is supposed to be done or how to correctly do things you are just adding a control without informing anyone how to conduct the work. So should an emergency change be required again two people could very easily just do an emergency change again without following any procedures because they were still never created.
upvoted 1 times
...
RS66
3 months ago
Selected Answer: D
D. Dual-control temporary emergency access accounts
upvoted 2 times
...
4dfe785
3 months, 3 weeks ago
Selected Answer: D
Dual-control (or two-person integrity) requires two individuals to authorize and execute actions. By implementing dual-control for emergency access accounts, it ensures that no single administrator can make changes without the approval of another authorized individual. This significantly reduces the risk of unapproved changes as it requires collaboration and oversight, providing a robust mechanism for preventing unauthorized actions.
upvoted 2 times
...
Swallows
4 months ago
Selected Answer: B
To most effectively prevent unauthorized emergency changes, B. Updating emergency change management procedures is the best option. The reason is that clearly defining procedures and reinforcing the necessary approval processes will encourage managers to follow proper procedures when making changes. This will reduce the risk of unauthorized changes occurring in the future. D. "Dual-control temporary emergency access accounts" is also effective, but a review of fundamental procedures should be prioritized.
upvoted 1 times
...
joehong
4 months ago
Selected Answer: D
Dual-control accounts require two individuals to authorize and execute changes, which significantly reduces the risk of unapproved changes.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...