Certified Information Systems Auditor (CISA) — Question 768

Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?

Answer options

• A. Analyzing how the configuration changes are performed
• B. Performing penetration testing
• C. Reviewing the rule base
• D. Analyzing log files

Correct answer: C

Explanation

Reviewing the rule base directly shows how the firewall is set up to enforce security policies, making it the best evidence of compliance. While analyzing configuration changes and conducting penetration testing can provide insights, they do not directly confirm adherence to the specific policies. Analyzing log files offers operational insights but does not validate the configuration itself.