CISA Certified Information Systems Auditor – Question2906 - CISA Certified Information Systems Auditor

An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?

A. Log all table update transactions.
B. implement before-and-after image reporting.
C. Use tracing and tagging.
D. implement integrity constraints in the database.

Correct Answer: D

Explanation:

Explanation:
Implementing integrity constraints in the database is a preventive control, because data is checked against predefined tables or rules preventing any undefined data from being entered. Logging all table update transactions and implementing before-and-after image reporting are detective controls that would not avoid the situation. Tracing and tagging are used to test application systems and controls and could not prevent out-of-range data.