Isaca Certified Information Systems Auditor CISA Question # 326 Topic 33 Discussion
CISA Exam Topic 33 Question 326 Discussion:
Question #: 326
Topic #: 33
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank ' s customers. Which of the following controls is MOST important for the auditor to confirm is in place?
A.
The default configurations have been changed.
B.
All tables in the database are normalized.
C.
The service port used by the database server has been changed.
D.
The default administration account is used after changing the account password.
Changing the default configurations of a database system is a critical control for securing it from unauthorized access or exploitation. Default configurations often include weak passwords, unnecessary services, open ports, or known vulnerabilities that can be easily exploited by attackers. The other options are not as important as changing the default configurations, as they do not address the root cause of the security risks. Normalizing tables in the database is a design technique for improving data quality and performance, but it does not affect security. Changing the service port used by the database server is a form of security by obscurity, which can be easily bypassed by port scanning tools. Using the default administration account after changing the account password is still risky, as the account name may be known or guessed by attackers. References: CISA Review Manual (Digital Version), Chapter 5, Section 5.2.4
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit