Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 178 discussion

Actual exam question from Isaca's CISA
Question #: 178
Topic #: 1
[All CISA Questions]

Following an internal audit of a database, management has committed to enhance password management controls. Which of the following provides the BEST evidence that management has remediated the audit finding?

  • A. Screenshots from end users showing updated password settings
  • B. Interviews with management about remediation completion
  • C. Change tickets of recent password configuration updates
  • D. Observation of updated password settings with database administrators (DBAs)
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by gmutonyi at June 1, 2021, 10:16 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
A_Salem
Highly Voted 3 years, 2 months ago
From CISA Review Questions, Answers and Explanations Manual 12th Edition, Question A4-80 Observation is the best and most effective method to test changes to ensure that the process is effectively designed. The answer is D. Observation of updated password settings Note that a report generated from the system directly by the auditor as an evidence is better than observation because the report is more objective than observation.
upvoted 17 times
...
Mduduzi_Gabaza
Most Recent 1 week, 3 days ago
Selected Answer: D
Surely observation of the settings/configuration is better.
upvoted 1 times
...
46080f2
5 months, 1 week ago
Selected Answer: D
If the question is about best evidence, then direct verification on the system in option D. is better than just logging a change in a ticket (C.) . In terms of database systems, password configurations are typically a database administration task while password configurations with end-user access - even if it is read-only - are more typical in the PC/desktop area. Interviews with management (B.) are certainly not the best evidence, as their information again only reflects what they are told by their employees. Therefore, my bet is on D. Observation of updated password with database administrators.
upvoted 1 times
...
a84n
6 months, 3 weeks ago
Selected Answer: C
Answer: C
upvoted 1 times
...
Swallows
7 months, 1 week ago
Selected Answer: C
By reviewing the ticket content of recent password updates, it is possible to determine the nature of the remedial action adopted by management.
upvoted 1 times
...
dan08
8 months, 3 weeks ago
Selected Answer: C
The BEST evidence lies in C. Change tickets of recent password configuration updates. These change tickets provide a documented trail of actions taken by management to enhance password security. By reviewing these records, auditors can verify that the necessary changes were implemented and that password policies were strengthened.
upvoted 1 times
...
TTH1019
1 year, 5 months ago
Selected Answer: C
Change tickets are formal records that document changes made to a system or its configuration. In this case, change tickets specifically related to password configuration updates would demonstrate that management has taken action to enhance password management controls. The change tickets would provide a clear trail of the changes made, including details such as the date, time, and individuals involved in the password configuration updates.
upvoted 3 times
...
007Georgeo
1 year, 6 months ago
Selected Answer: D
Observation is the best and most effective method
upvoted 4 times
[Removed]
11 months, 1 week ago
Inspection is greater than observation. Answer is A
upvoted 1 times
...
...
Olu111
2 years, 1 month ago
The question is asking for the evidence of remediation. The auditor cannot observe this because he already gave his findings and needs to receive evidence the audit fail had been corrected. A is the best answer in my opinion
upvoted 1 times
...
gmutonyi
3 years, 5 months ago
A. Screenshots from end users showing updated password settings
upvoted 4 times
A_Salem
3 years, 2 months ago
No, From CISA Review Questions, Answers and Explanations Manual 12th Edition, Question A1-36 The rules may be modified by the administrator prior to taking the screenshot; therefore, this is not the best evidence.
upvoted 4 times
...
ashleycc
2 years, 8 months ago
A should not be correct, just the screenshot will not give u the whole picture of the password setting, to me ans should be C or D
upvoted 2 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel