Could someone help explain this?


joanne lo

Nov 30, 2011, 8:13:34 AM
to CISA 201110

Area: 4
Q367
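R4-36 The IS administrator recently informed the IS auditor that it plans to disable certain referential integrity controls in the payment system in order to give users faster report generation. Which of the following risks could this lead to?
A. Unauthorized users accessing data
B. Paying wages to a nonexistent employee
C. Raising an employee's wages without authorization.
D. Duplicate data entry by authorized users
My answer is C (because for B there isn't even a primary key)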

36. IS management has recently informed the IS auditor of its decision
to disable certain referential integrity controls in the payroll
system to provide users with a faster report generator. This will MOST
likely increase the risk of:
A. data entry by unauthorized users.
B. a nonexistent employee being paid.
C. an employee receiving an unauthorized raise.
D. duplicate data entry by authorized users.

The correct answer is:
B. a nonexistent employee being paid.


Explanation:
Referential integrity controls prevent the occurrence of unmatched
foreign key values. Given that a nonexistent employee does not appear
in the employees table, there will never be a corresponding entry in
the salary payments table. The other choices cannot be detected by
referential integrity controls.

柯少棠

Dec 1, 2011, 12:38:49 AM
to cisa2...@googlegroups.com
D. Duplicate data entry by authorized users

柯少棠

Dec 1, 2011, 1:26:10 AM
to cisa2...@googlegroups.com
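A correction:
B should be correct.

Because the absence of referential integrity controls could indeed lead to duplicate data entry,
but consider that, since the relation that checks whether the employee is still employed has been removed,
the risk of money being mistakenly paid into that employee's account seems greater.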
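
The control this thread discusses, as an added example that is not part of the original posts: a SQLite payroll schema (table and column names are assumptions) run with the foreign key enforced and then disabled, plus the orphan-row query an auditor could run afterwards. It also shows that a larger payment to a real employee is accepted either way, since referential integrity does not check amounts.

```python
import sqlite3

# Constructed sample schema and data; names are assumptions for illustration.
SCHEMA = """
CREATE TABLE employees (emp_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE salary_payments (
    pay_id INTEGER PRIMARY KEY,
    emp_id INTEGER NOT NULL REFERENCES employees(emp_id),
    amount NUMERIC NOT NULL
);
INSERT INTO employees VALUES (1, 'Constructed Employee A');
"""

def open_payroll(enforce_fk):
    """Create an in-memory payroll database with the FK control on or off."""
    db = sqlite3.connect(":memory:")
    # SQLite enforces foreign keys per connection, and only when asked to.
    db.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    db.executescript(SCHEMA)
    return db

def pay(db, emp_id, amount):
    """Try to record a payment; return True if the database accepted it."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO salary_payments (emp_id, amount) VALUES (?, ?)",
                (emp_id, amount),
            )
        return True
    except sqlite3.IntegrityError:
        return False  # unmatched foreign key value was rejected

def orphan_payments(db):
    """Audit query: payments whose emp_id matches no row in employees."""
    return db.execute("""
        SELECT p.pay_id, p.emp_id, p.amount FROM salary_payments p
        LEFT JOIN employees e ON e.emp_id = p.emp_id
        WHERE e.emp_id IS NULL ORDER BY p.pay_id""").fetchall()

if __name__ == "__main__":
    for enforce in (True, False):
        db = open_payroll(enforce)
        print("FK enforced:", enforce,
              "| valid accepted:", pay(db, 1, 3000),
              "| nonexistent accepted:", pay(db, 999, 3000),
              "| raise accepted:", pay(db, 1, 9000),
              "| orphans:", orphan_payments(db))
```
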