Certified Incident Handler (ECIH v3) — Question 39

An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the following statements is NOT true for an audit trail policy:

Answer options

• A. It helps calculating intangible losses to the organization due to incident
• B. It helps tracking individual actions and allows users to be personally accountable for their actions
• C. It helps in compliance to various regulatory laws, rules,and guidelines
• D. It helps in reconstructing the events after a problem has occurred

Correct answer: A

Explanation

The correct answer is A because an audit trail policy primarily focuses on tracking actions and ensuring accountability rather than calculating intangible losses. Options B, C, and D accurately describe the functions of an audit trail policy, emphasizing accountability, compliance, and event reconstruction.