Domain 4: Change and Incident Management Flashcards
cyclic redundancy check (CRC)
The accuracy of blocks of data transfers, such as data transfer from hard disks, is validated by a cyclic redundancy check (CRC).
Checksum
A checksum or digital signature is commonly used to validate the integrity of a downloaded program or other transferred data.
Emergency Releases
Emergency releases to an application are fixes that require implementation as quickly as possible to prevent significant user downtime. Emergency release procedures are followed in such situations.
Code Signing
Code signing ensures that the executable code came from a reputable source and has not been modified after being signed.
configuration management
The configuration management process may include automated tools that will provide an automated recording of software release baselines. Should the new release fail, the baseline will provide a point to which to return.
Baseline
A baseline itself refers to a standard configuration.
DBA Responsibilities
A. Performing database changes according to change management procedures would be a normal function of the database administrator (DBA) and would be compliant with the procedures of the organization.
B. Installing patches or upgrades to the operating system is a function that should be performed by a systems administrator, not by a DBA. If a DBA were performing this function, there would be a risk based on inappropriate segregation of duties.
C. A DBA is expected to support the business through helping design, create and maintain databases and the interfaces to the databases.
D. The DBA often performs or supports database backup and recovery procedures.
postincident review
A postincident review examines both the cause and response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program. Improving the incident response plan based on the incident review is an internal (corrective) control.
developer requires full access to production data
Providing separate login IDs that would only allow a developer privileged access when required is a good compensating control, but it must also be backed up with monitoring and supervision of the activity of the developer.
Availability vs. Integrity of Data
Because most data in a data warehouse are historic and do not need to be changed, applying read-only restrictions prevents data manipulation.
Backups address availability, not integrity. Validated backups ensure that the backup will work when needed.
DBA User Account
The use of a DBA user account is normally set up to log all changes made and is most appropriate for changes made outside of normal hours. The use of a log, which records the changes, allows changes to be reviewed. Because an abbreviated set of steps is used after hours, this represents an adequate set of compensating controls.
Fallback Procedures
Fallback procedures are used to restore a system to a previous state and are an important element of the change control process. The other choices are not related to the change control process—a process which specifies what procedures should be followed when software is being upgraded but the upgrade does not work and requires a fallback to its former state.
configuration management database (CMDB)
The configuration management database (CMDB) is used to track configuration items (CIs) and the dependencies between them. An out-of-date CMDB in a large multinational company could result in incorrect approvals being obtained, or leave out critical dependencies during the test phase.
Steps to Problem Management
A. Analysis and resolution are performed after logging and triage have been performed.
B. Exception ranking can only be performed once the exceptions have been reported.
C. The reporting of operational issues is normally the first step in tracking problems.
D. Root cause analysis is performed once the exceptions have been identified and is not normally the first part of problem management.
software version control system
It is common practice for software changes to be tracked and controlled using version control software. An IS auditor should review reports or logs from this system to identify the software that is promoted to production. Moving only the versions held in the version control system (VCS) to production prevents the transfer of development or earlier versions.