Certified in Risk and Information Systems Control (CRISC) — Question 947
Which of the following is the MOST effective way to identify an application backdoor prior to implementation?
Answer options
- A. Vulnerability analysis
- B. Database activity monitoring
- C. User acceptance testing (UAT)
- D. Source code review
Correct answer: D
Explanation
The correct answer is D: a source code review is a thorough examination of the application's code itself, which makes it easier to spot potential backdoors before the application is implemented. Options A and B focus on identifying vulnerabilities or monitoring activities after implementation, while option C is more about user feedback than security.