Isaca Certified Information Systems Auditor CISA Question # 280 Topic 29 Discussion
CISA Exam Topic 29 Question 280 Discussion:
Question #: 280
Topic #: 29
Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS audit has been asked to conduct a control assessment. the auditor's BEST course of action would be to determine if:
A.
the patches were updated.
B.
The logs were monitored.
C.
The network traffic was being monitored.
D.
The domain controller was classified for high availability.
The auditor’s best course of action after a security breach in which a hacker exploited a well-known vulnerability in the domain controller is to determine if the logs were monitored. Log monitoring is an essential control for detecting and responding to security incidents, especially when known vulnerabilities exist in the system. The auditor should assess if the logs were properly configured, collected, reviewed, analyzed, and acted upon by the responsible parties. Updating patches, monitoring network traffic, and classifying domain controllers for high availability are also important controls, but they are not directly related to the detection and response of the security breach. References:
CISA Review Manual (Digital Version), page 301
CISA Questions, Answers & Explanations Database, question ID 3340
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit