Certified Ethical Hacker (CEH v13) — Question 165

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Answer options

• A. Perform a vulnerability scan of the system.
• B. Determine the impact of enabling the audit feature.
• C. Perform a cost/benefit analysis of the audit feature.
• D. Allocate funds for staffing of audit log review.

Correct answer: B

Explanation

Determining the impact of enabling the audit feature is crucial because it helps the bank understand how it will affect system performance and compliance. While a vulnerability scan (A) and cost/benefit analysis (C) are important steps, they should come after understanding the implications of the audit. Allocating funds for staffing (D) is also premature without first assessing the impact of the audit feature.