Certified Information Systems Auditor (CISA) — Question 5
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers.
Which of the following controls is MOST important for the auditor to confirm is in place?
Answer options
- A. The default configurations have been changed.
- B. All tables in the database are normalized.
- C. The service port used by the database server has been changed.
- D. The default administration account is used after changing the account password.
Correct answer: A
Explanation
Verifying that the default configurations have been changed is crucial because default settings are often insecure and can be easily exploited by attackers. Normalization of tables (option B) improves data integrity but does not directly impact security. Changing the service port (option C) can enhance security but is less critical than ensuring configurations are secure. Using the default administration account after changing the password (option D) is a security risk, as the account may still be exposed to default-access vulnerabilities.