Certified Information Systems Auditor (CISA) — Question 475

A computer forensic audit is MOST relevant in which of the following situations?

Answer options

• A. Inadequate controls in the IT environment
• B. Mismatches in transaction data
• C. Data loss due to hacking of servers
• D. Missing server patches

Correct answer: C

Explanation

A computer forensic audit is most relevant in cases of data loss due to hacking of servers because it involves investigating the breach and gathering evidence. The other options, while concerning, do not directly relate to the aftermath of a hacking incident where forensics would be necessary to determine the cause and impact.