ExpertHard1 markMultiple Choice
CPA · Question 13 · Area III: SOC Engagements
A service organization is preparing for a SOC 2® engagement. They have identified a risk that unauthorized changes to the production database could result in data integrity issues. Which of the following is a 'preventive' control addressing this risk?
A service organization is preparing for a SOC 2® engagement. They have identified a risk that unauthorized changes to the production database could result in data integrity issues. Which of the following is a 'preventive' control addressing this risk?
Answer options:
A.
Reviewing database logs weekly for unauthorized queries
B.
Restricting database write access to a specific service account managed by the application
C.
Setting up alerts for failed login attempts
D.
Performing a quarterly user access review
How to approach this question
Distinguish between Preventive (stops it happening) and Detective (finds out it happened). Access restriction stops it.
Full Answer
B.Restricting database write access to a specific service account managed by the application✓ Correct
Restricting database write access to a specific service account managed by the application
Restricting access is a preventive control because it stops the unauthorized action before it can occur. Reviews and logs are detective.
Common mistakes
Classifying reviews or logs as preventive.
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard