Certified in Risk and Information Systems Control (CRISC) — Question 320

Which of the following is the PRIMARY reason for monitoring activities performed in a production database environment?

Answer options

• A. Preventing system developers from accessing production data
• B. Deterring illicit actions of database administrators
• C. Enforcing that changes are authorized
• D. Ensuring that database changes are correctly applied

Correct answer: B

Explanation

The correct answer is B because monitoring is essential to prevent unauthorized or malicious activities by database administrators, who have elevated privileges. Options A, C, and D, while important aspects of database management, do not address the primary concern of deterring potential abuses of access rights by those with administrative capabilities.