Certified Information Systems Auditor (CISA) — Question 433

An IS auditor concludes that logging and monitoring mechanisms within an organization are ineffective because central servers are not included within the central log repository. Which of the following audit procedures would have MOST likely identified this exception?

Answer options

• A. Comparing all servers included in the current central log repository with the listing used for the prior-year audit
• B. Inspecting a sample of alerts generated from the central log repository
• C. Comparing a list of all servers from the directory server against a list of all servers present in the central log repository
• D. Inspecting a sample of alert settings configured in the central log repository

Correct answer: C

Explanation

The correct answer, C, involves comparing the directory server's list of all servers with those in the central log repository, which would directly reveal any missing central servers. Answer A focuses on historical data and may not highlight current omissions, while B and D pertain to alerts and settings rather than the completeness of server inclusion in the log repository.