CISA Certified Information Systems Auditor – Question 0699

Which of the following is the MOST effective way for an IS auditor to identify unauthorized changes to the production state of a critical business application?

A. Run an automated scan of the production environment to detect missing software patches.
B. Compare a list of production system changes with the configuration management database (CMDB).
C. Review recently approved changes to application programming interfaces (API) in the production environment.
D. Review recent updates in the configuration management database (CMDB) for compliance with IT policies.

Correct Answer: D