Certified Information Systems Auditor (CISA) — Question 1139

Which of the following controls helps to ensure that data extraction queries run by the database administrator (DBA) are monitored?

Answer options

• A. Performing periodic access reviews
• B. Storing logs of database access
• C. Restricting access to DBA activities
• D. Reviewing activity logs of the DBA

Correct answer: D

Explanation

The correct answer is D because reviewing the activity logs of the DBA directly allows for monitoring the queries they run. Options A and C focus on access control rather than monitoring, and B, while important for security, does not provide real-time oversight of the DBA's actions.