Full Access Isaca CISA Tutorials

Comprehensive and Detailed Step-by-Step Explanation:

Unauthorized code deployment presents acritical security and operational risk.

Option A (Incorrect):Whiledocumentation issuescan cause confusion, they do not directlyjeopardizesecurity or system stability.

Option B (Correct):Deploying code without authorizationbypasseschange management controls, potentially leading to security vulnerabilities, system failures, or compliance violations. This is thegreatest risk.

Option C (Incorrect):Overwriting files can cause issues but isless severethan unauthorized deployment, which may introducemalware or untested features.

Option D (Incorrect):An unresolved bug may causeperformance issues, butunauthorized deploymentposes a higher security and compliance risk.

Comprehensive and Detailed Step-by-Step Explanation:

Exploitationis the phase where testersleverage identified vulnerabilitiestogain unauthorized accessto systems.

Exploitation (Correct Answer – B)

Attackers use techniques such as SQL injection, buffer overflow, or privilege escalation.

Example:A tester exploits a weak password to gain admin access.

Exfiltration (Incorrect – A)

The process of stealing dataaftergaining access.

Reconnaissance (Incorrect – C)

The initial stage where attackers gather information about the target.

Scanning (Incorrect – D)

Involves identifying open ports and services but does not involve actual attacks.

Comprehensive and Detailed Step-by-Step Explanation:

A strongQA functionrequires anindependentreview of changes toavoid biasandensure objectivity.

Option A (Correct):Ifdevelopers review their own changes, there is ahigh risk of biasand overlooking issues, making this the greatest concern. This violatesseparation of dutiesandbest practices for quality assurance.

Option B (Incorrect):Peer reviews within the same teamreduce risksincefresh eyesreview the changes, though it is not as strong as an external review.

Option C (Incorrect):Havingdevelopers from a separate teamreview the code providesbetter objectivityand reduces risks associated withself-review.

Option D (Incorrect):Whilenon-developers may lack technical expertise, their review ensuresindependence, making it a stronger control than self-review.