Certified Information Systems Auditor (CISA) — Question 414

An IS auditor is reviewing a recent security incident and is seeking information about the approval of a recent modification to a database system's security settings. Where would the auditor MOST likely find this information?

Answer options

• A. Security incident and event management (SIEM) report
• B. Change log
• C. System event correlation report
• D. Database log

Correct answer: B

Explanation

The correct answer is B, the Change log, as it records all modifications made to the system, including security settings. The other options, such as the SIEM report and system event correlation report, focus on analyzing incidents rather than documenting changes, while the database log is more concerned with transactions and access rather than approval records.