Certified Information Systems Auditor (CISA) — Question 679
An IS auditor finds that a recently deployed application has a number of developers with inappropriate update access left over from the testing environment. Which of the following would have BEST prevented the update access from being migrated?
Answer options
- A. Including a step within the SDLC to clean up access prior to go-live
- B. Establishing a role-based matrix for provisioning users
- C. Holding the application owner accountable for application security
- D. Re-assigning user access rights in the quality assurance (QA) environment
Correct answer: A
Explanation
The correct answer is A because including a clean-up step in the SDLC would ensure that only necessary access permissions are retained before the application goes live. Options B, C, and D do not directly address the need to remove inappropriate access permissions specifically before deployment, making them less effective in this scenario.