During a walkthrough of the change management process, an auditor observes that developers have write access to the production environment to deploy hotfixes quickly. Which principle does this violate?

Answer options:

Least Privilege

Defense in Depth

Segregation of Duties

Availability Management

How to approach this question

Identify the risk of one person having authority to both create and implement changes.

Full Answer

C.Segregation of Duties✓ Correct

Segregation of Duties

Segregation of Duties (SoD) ensures that no single individual has control over all phases of a transaction or process. Developers deploying their own code to production bypasses independent testing and approval.

Common mistakes

Selecting Least Privilege (which is true but SoD is the specific control failure here).

Question 02 All questions Question 04

Practice the full CPA ISC Practice Exam 2

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll platform where clients access the software ...Medium Q02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...Hard Q04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...Hard Q05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium Q06Under GDPR, which principle requires that personal data be adequate, relevant, and limited to wha...Medium

View all 82 questions →