An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
A. The default configurations have been changed.
B. All tables in the database are normalized.
C. The service port used by the database server has been changed.
D. The default administration account is used after changing the account password.
The service port used by the database server has been changed. This is a critical security control as changing the default service port can help prevent unauthorized access to the database system. If the service port is not changed, attackers can use tools to scan the network for open ports and attempt to exploit vulnerabilities in the database system.
The default configurations have been changed. Although changing default configurations is a good practice, it is not the most critical control in this scenario.
The default administration account is used after changing the account password. Although changing the default administration account password is a good practice, it is not the most critical control in this scenario. Additionally, using the default administration account is not recommended as attackers may already know the username and try to guess the password.
All tables in the database are normalized. Although normalization is a good practice to ensure data consistency and eliminate redundancy, it is not a security control.
The default settings should be changed, but they are useless if there is a violation of the integrity and accuracy of the data. Therefore, the first option B, later option A.
Answer: B.
The objectives of database normalization:
To correct duplicate data and database anomalies.
To avoid creating and updating any unwanted data connections and dependencies.
To prevent unwanted deletions of data.
To optimize storage space.
To reduce the delay and complexity of checking databases when new types of data need to be introduced.
To facilitate the access and interpretation of data to users and applications that make use of the databases.
You have normalised all things but you have not changed global default setting, then anyone can access the data, hence critical is to change default setting.
The default settings should be changed, but can also be consistent with the organization's information security policy and be a baseline. Without normalization, data integrity will be lost, which is important.
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other