Certified Information Systems Auditor (CISA) — Question 558

Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?

Answer options

• A. Logs are being collected in a separate protected host.
• B. Access to configuration files is restricted.
• C. Automated alerts are being sent when a risk is detected.
• D. Insider attacks are being controlled

Correct answer: B

Explanation

Verifying that access to configuration files is restricted is crucial because it helps prevent unauthorized changes that could compromise the firewall's effectiveness. While collecting logs, sending alerts, and controlling insider attacks are important, they do not directly secure the firewall's configuration, which is a primary concern for auditors.