Certified Information Systems Auditor (CISA) — Question 1087

An IS auditor detects that event logging has been disabled on a critical server. Which of the following is the GREATEST concern?

Answer options

• A. Users have the ability to disable logging.
• B. Organizational policies do not prohibit disabling of event logs.
• C. The ability to troubleshoot incidents is limited.
• D. Unauthorized transactions may go undetected.

Correct answer: D

Explanation

The greatest concern is that without event logging, unauthorized transactions can occur without detection, potentially leading to significant security breaches. While other options highlight issues such as user capabilities and troubleshooting limitations, the most critical risk is the lack of oversight on actions taken on the server.