Certified Ethical Hacker (CEH) — Question 101

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Answer options

• A. Perform a vulnerability scan of the system.
• B. Determine the impact of enabling the audit feature.
• C. Perform a cost/benefit analysis of the audit feature.
• D. Allocate funds for staffing of audit log review.

Correct answer: B

Explanation

Determining the impact of enabling the audit feature is crucial as it helps the bank understand the potential effects on performance and compliance before implementation. The other options, while important, should be considered after the bank has assessed the implications of enabling auditing. A vulnerability scan and cost/benefit analysis would follow this initial assessment.