To best detect malicious activity from a programmer who modified and restored production code, which procedure should be employed?


Multiple Choice


Explanation:

To effectively detect malicious activity involving modifications to production code, reviewing system log files is a critical procedure. System log files provide a chronological record of all system activities, including user access, changes made to files, and system events. By examining logs, an auditor can identify anomalies such as unexpected code changes, access at unusual hours, or actions taken by users with inappropriate privileges that could suggest malicious behavior.

In the scenario where a programmer has modified and restored production code, log files may reveal unauthorized access attempts, time stamps of code changes, and user actions that do not comply with the standard change management procedures. If a programmer had the necessary permissions to make changes, the logs would still help in contextualizing whether those changes were aligned with standard operating procedures or were indicative of potential wrongdoing.

While comparing source code, comparing object code, and reviewing executable and source code integrity are useful techniques for validating the integrity of the code itself, they may not immediately identify the malicious activity related to the modification and restoration process. These methods focus more on the results of changes rather than the behavior surrounding those changes. Therefore, reviewing system log files stands out as the most effective procedure to detect and understand the context of the malicious activity.
