Certified Information Systems Security Professional (CISSP) — Question 403

When assessing the audit capability of an application, which of the following activities is MOST important?

Answer options

• A. Identify procedures to investigate suspicious activity.
• B. Determine if audit records contain sufficient information.
• C. Verify if sufficient storage is allocated for audit records.
• D. Review security plan for actions to be taken in the event of audit failure.

Correct answer: B

Explanation

The most important activity is to determine if audit records contain sufficient information, as this ensures that the audit process can effectively identify and analyze security incidents. While the other options address important aspects of auditing, they do not directly impact the quality and effectiveness of the audit records themselves.