CBAP Exam - Question 439

Question

A conservative company with rigorous risk control plans and internal audit rules has a recurrent problem with a core business application. As a result, access to this application must be restricted and controlled and maintenance must be on-site. However, the company feels that the application must have an emergency service team. The routine maintenance of this solution is provided by an external vendor and the vendor requested 24 hours remote access to quality and production data. In this context, what is the company's response to the vendor's request?

Examice · Accepted Answer

The company's conservative nature with rigorous risk control plans and internal audit rules means they prioritize security and control. Given that they have a recurrent problem with a core business application, they require restricted and controlled access and insist that maintenance must be on-site. This implies a significant level of risk aversion. Therefore, the request for 24 hours remote access from an external vendor goes against their stringent policies, making it necessary to deny the request to adhere to their risk management approach.

rupakarthik · Answer

Ans-B. Read first 2 sentences.

DoomsdayNair · Answer

B. Denied, because of the company's risk aversion

rebelng · Answer

The answer is B. Company policy cannot be changed for routine maintenance.

Jules_Cmrfrd · Answer

B. Denied, because of the company's risk aversion

binu801 · Answer

How the maintenance will be done without access. either the org should do it in house , but if it decides to outsource it has to provide all necessary data and access- so between C and D

OlivierPaudex · Answer

24 hours remote access and production data access is far too much to resolve a problem.
I will go for B, denied because of risk aversion

Sha7rour · Answer

Answer is B , question said MUST be in house

CBAP Exam - Question 439

Discussion