Certified Information Systems Auditor (CISA) — Question 1301

Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?

Answer options

• A. Reviewing the system log
• B. Reviewing the actual procedures
• C. Reviewing the parameter settings
• D. Interviewing the firewall administrator

Correct answer: C

Explanation

The correct answer is C because reviewing the parameter settings directly reveals how the firewall is configured and whether it adheres to the security policy. Options A and D may provide useful information but do not directly assess the firewall's configuration. Option B focuses on procedures rather than the actual settings of the firewall.