Certified Information Systems Auditor (CISA) — Question 1047

Which of the following would the IS auditor MOST likely review to determine whether modifications to the operating system parameters were authorized?

Answer options

• A. Change control log
• B. Documentation of exit routines
• C. Security system parameters
• D. System initialization logs

Correct answer: A

Explanation

The correct answer is A, as the change control log records all authorized modifications, making it the primary source for the auditor. The other options do not specifically track authorization of changes to operating system parameters; for example, B pertains to exit procedures, C relates to security settings, and D involves system startup information.