CISSP · Question #269
A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evi
The correct answer is D. Inform the audit committee or internal audit directly using the corporate whistleblower process.. According to the CISSP CBK Official Study Guide, the best course of action for the database administrator in this scenario is to inform the audit committee or internal audit directly using the corporate whistleblower process. A whistleblower is a person who reports or exposes any
Question
Options
- AIgnore the request and do not perform the change.
- BPerform the change as requested, and rely on the next audit to detect and report the situation.
- CPerform the change, but create a change ticket regardless to ensure there is complete
- DInform the audit committee or internal audit directly using the corporate whistleblower process.
How the community answered
(15 responses)- A7% (1)
- B20% (3)
- C7% (1)
- D67% (10)
Explanation
According to the CISSP CBK Official Study Guide, the best course of action for the database administrator in this scenario is to inform the audit committee or internal audit directly using the corporate whistleblower process. A whistleblower is a person who reports or exposes any wrongdoing, fraud, corruption, or illegal activity within an organization to the appropriate authorities or parties. A whistleblower process is a mechanism that enables and protects the whistleblowers from any retaliation or discrimination, and ensures that their reports are handled properly and confidentially. The database administrator should inform the audit committee or internal audit directly using the corporate whistleblower process, as this would demonstrate their professional ethics and responsibility, as well as their compliance with the organizational policies and standards. The database administrator should not ignore the request and do not perform the change, as this would be unprofessional and irresponsible, and may also expose them to potential pressure or threats from the high-ranking member of management. The database administrator should not perform the change as requested, and rely on the next audit to detect and report the situation, as this would be unethical and illegal, and may also compromise the integrity and reliability of the accounting system database. The database administrator should not perform the change, but create a change ticket regardless to ensure there is complete traceability, as this would be dishonest and risky, and may also create a conflict or discrepancy with the high-ranking member of management.
Topics
Community Discussion
No community discussion yet for this question.