ExpertMedium1 markMultiple Choice
CPA · Question 20 · Area I: Information Systems
An auditor observes that a company uses a 'test' environment that is an exact replica of the 'production' environment, including real customer data. What is the primary risk associated with this practice?
An auditor observes that a company uses a 'test' environment that is an exact replica of the 'production' environment, including real customer data. What is the primary risk associated with this practice?
Answer options:
A.
Inaccurate test results.
B.
Unauthorized access to confidential data.
C.
Increased storage costs.
D.
Slower application performance.
How to approach this question
Identify the security implication of data in lower environments.
Full Answer
B.Unauthorized access to confidential data.✓ Correct
Production data should be sanitized or obfuscated before being used in lower environments (dev/test) to prevent data leakage.
Common mistakes
Focusing on operational costs rather than security risks.
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll platform where clients access the software ...MediumQ02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...HardQ03During a walkthrough of the change management process, an auditor observes that developers have w...MediumQ04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...HardQ05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium