Certified Information Systems Auditor (CISA) — Question 1009

What is the BEST way for an IS auditor to test the effectiveness of physical security controls for an organization's data center?

Answer options

• A. Compare physical security controls against industry best practice.
• B. Inspect surveillance footage of the data center.
• C. Conduct an onsite inspection of physical security at the data center.
• D. Review badge access logs for the data center.

Correct answer: C

Explanation

The correct answer is C, as conducting an onsite inspection allows the auditor to directly assess the physical security controls in their actual environment. Options A, B, and D provide valuable information but do not offer the same level of firsthand evaluation as an onsite inspection.