U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IIBA CBAP Exam - Topic 4 Question 68 Discussion

A conservative company with rigorous risk control plans and internal audit rules has a recurrent problem with a core Business application. As a result access to this application must be restricted and controlled and maintenance must be on-site. However, the company feels that the application must have an emergency service team. The routine maintenance of this solution is provided by an external vendor and the vendor requested 24 hours remote access to quality and production data. In this context what is the company's response to the vendor's request?
C) Denied- because the vendor requested it
A) Dented because of the company's risk aversion
B) Accepted, because the company has an urgent problem to solve
D) Accepted, because immediate remote access will resolve any issue

IIBA CBAP Exam - Topic 4 Question 68 Discussion

Actual exam question for IIBA's CBAP exam
Question #: 68
Topic #: 4
[All CBAP Questions]

A conservative company with rigorous risk control plans and internal audit rules has a recurrent problem with a core Business application. As a result access to this application must be restricted and controlled and maintenance must be on-site. However, the company feels that the application must have an emergency service team. The routine maintenance of this solution is provided by an external vendor and the vendor requested 24 hours remote access to quality and production dat

a. In this context what is the company's response to the vendor's request?

Show Suggested Answer Hide Answer
Suggested Answer: C

Contribute your Thoughts:

0/2000 characters
Cory
7 months ago
They’ll probably stick to their guns and deny it.
upvoted 0 times
...
Viva
8 months ago
Wait, they’d actually consider remote access? That’s surprising!
upvoted 0 times
...
Leatha
8 months ago
No way they’ll give remote access, too risky!
upvoted 0 times
...
Paola
8 months ago
I think they might accept it, they need help fast!
upvoted 0 times
...
Cecilia
8 months ago
Definitely denied because of their strict risk policies.
upvoted 0 times
...
Ettie
8 months ago
I’m torn between A and C. Denying the request seems logical, but if there's an urgent problem, maybe they would accept it just this once?
upvoted 0 times
...
Irma
8 months ago
This reminds me of a practice question where a vendor's access was denied due to strict internal controls. I feel like that could apply here too.
upvoted 0 times
...
Jannette
8 months ago
I’m not entirely sure, but I think if the company has a serious issue, they might consider accepting the request despite their usual protocols.
upvoted 0 times
...
Ashlee
9 months ago
I remember we discussed how risk-averse companies often prioritize security over convenience, so I think the answer might lean towards denying the request.
upvoted 0 times
...
Lawrence
9 months ago
Hmm, I'm a bit unsure about this one. The wording is a bit confusing, and I want to make sure I understand exactly what they're asking for. Let me re-read it carefully.
upvoted 0 times
...
Barabara
9 months ago
Okay, I've got an idea. Since the default OWD is Public Read/Write, we need to find a way to override that for the community users. I'm thinking option B, defining an owner-based sharing rule, might be the way to go.
upvoted 0 times
...
Theron
9 months ago
Okay, let me think this through. I know systemd-journald is the newer logging system, so I'll focus on understanding how it works and how it differs from syslog.
upvoted 0 times
...
Keith
9 months ago
I have a hunch that modifying the NAT policy might not even be necessary; maybe we just need to check the access policy settings.
upvoted 0 times
...
Lashon
1 year ago
The vendor must be living in a fantasy land if they think a 'rigorous risk control' company is going to let them remote in. They might as well ask the CEO to hand over their login credentials and social security numbers while they're at it.
upvoted 0 times
...
Pamella
1 year ago
I'm torn, but I think the company will go with option A. They're all about the risk control, and 24-hour remote access is a big no-no in their world. Guess the vendor will have to pack their bags and come on-site.
upvoted 0 times
Genevieve
1 year ago
C) Denied- because the vendor requested it
upvoted 0 times
...
Brandon
1 year ago
B) Accepted, because the company has an urgent problem to solve
upvoted 0 times
...
Tabetha
1 year ago
A) Dented because of the company's risk aversion
upvoted 0 times
...
...
Reta
1 year ago
Haha, the vendor is really pushing their luck here. 'Because I asked for it' is definitely not a valid reason for a company this risk-averse. They'll probably respond with a firm 'Denied' and a strongly worded email.
upvoted 0 times
Daren
1 year ago
Haha, the vendor is really pushing their luck here. 'Because I asked for it' is definitely not a valid reason for a company this risk-averse. They'll probably respond with a firm 'Denied' and a strongly worded email.
upvoted 0 times
...
Karima
1 year ago
The company's security measures are non-negotiable
upvoted 0 times
...
Pa
1 year ago
A) Dented because of the company's risk aversion
upvoted 0 times
...
Brett
1 year ago
They won't budge on this one, strict rules in place
upvoted 0 times
...
Janae
1 year ago
Denied- because the vendor requested it
upvoted 0 times
...
...
Lettie
1 year ago
I'm going with option C. No way a conservative company like this is going to give remote access to their production data, no matter how urgent the problem is. Security trumps convenience.
upvoted 0 times
Rutha
1 year ago
C) Denied- because the vendor requested it
upvoted 0 times
...
Vannessa
1 year ago
B) Accepted, because the company has an urgent problem to solve
upvoted 0 times
...
Casandra
1 year ago
A) Dented because of the company's risk aversion
upvoted 0 times
...
Bernardine
1 year ago
I understand the concern, but sometimes you have to weigh the risks against the benefits.
upvoted 0 times
...
Clay
1 year ago
Even then, I think the risk is too high to grant remote access.
upvoted 0 times
...
Silvana
1 year ago
But what if the issue is critical and needs immediate attention?
upvoted 0 times
...
Marshall
1 year ago
I agree, security should always come first.
upvoted 0 times
...
...
Cammy
1 year ago
This is a tricky one. The company's risk aversion and strict internal policies make me think they'll deny the vendor's request. But if the issue is really that urgent, they might make an exception.
upvoted 0 times
Lorean
1 year ago
B) Accepted, because the company has an urgent problem to solve
upvoted 0 times
...
Elise
1 year ago
A) Dented because of the company's risk aversion
upvoted 0 times
...
...
Cherilyn
1 year ago
That's true, maybe the company will accept it for that reason.
upvoted 0 times
...
Delpha
1 year ago
But what if the vendor needs immediate access to fix the problem?
upvoted 0 times
...
Cherilyn
1 year ago
I think the company will deny the vendor's request.
upvoted 0 times
...

Save Cancel