Certified in Risk and Information Systems Control (CRISC) — Question 349

Which of the following is the MOST effective control to maintain the integrity of system configuration files?

Answer options

• A. Implementing automated vulnerability scanning
• B. Restricting access to configuration documentation
• C. Recording changes to configuration files
• D. Monitoring against the configuration standard

Correct answer: D

Explanation

Monitoring against the configuration standard is crucial as it ensures that any deviations from the expected configurations are detected and addressed promptly. The other options, while useful, do not provide the same level of ongoing integrity assurance for the configuration files as they focus on either prevention or documentation rather than active monitoring.