Medium · 1 mark · Multiple Choice
CPA · Question 62 · Area I: Information Systems
An auditor is reviewing a SQL query: `SELECT * FROM Employees WHERE Salary > 100000;`. What is the risk of using `SELECT *` in production code?
Answer options:
A. It retrieves unnecessary data, causing performance issues and potential data exposure if schema changes.
B. It causes a syntax error.
C. It automatically deletes data.
D. It bypasses authentication.
How to approach this question
Identify the efficiency/maintenance risk.
Full Answer
A. It retrieves unnecessary data, causing performance issues and potential data exposure if schema changes. ✓ Correct
Using `SELECT *` retrieves all columns. If the table has sensitive columns added later, or large BLOB fields, the application might expose data it shouldn't or suffer performance degradation. Best practice is to list specific columns.
Common mistakes
Thinking `SELECT *` is a security vulnerability like SQL Injection (it's just bad practice).