Certified Information Systems Auditor (CISA) — Question 66

A data center’s physical access log system captures each visitor’s identification document numbers along with the visitor’s photo. Which of the following sampling methods would be MOST useful to an IS auditor conducting compliance testing for the effectiveness of the system?

Answer options

• A. Attribute sampling
• B. Quota sampling
• C. Variable sampling
• D. Haphazard sampling

Correct answer: A

Explanation

Attribute sampling is appropriate here as it allows the auditor to test specific attributes of the access logs, such as the presence of identification numbers and photos. The other methods, like quota and variable sampling, focus on different aspects or may not provide the targeted insights needed for compliance testing.