312-50V10 · Question #184
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enablin
The correct answer is B. Determine the impact of enabling the audit feature.. Before enabling an audit feature on a production system, the organization must first assess the operational impact to avoid unintended disruption. Understanding impact precedes planning, budgeting, or scanning.
Question
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
Options
- APerform a vulnerability scan of the system.
- BDetermine the impact of enabling the audit feature.
- CPerform a cost/benefit analysis of the audit feature.
- DAllocate funds for staffing of audit log review.
How the community answered
(51 responses)- A16% (8)
- B75% (38)
- C2% (1)
- D8% (4)
Why each option
Before enabling an audit feature on a production system, the organization must first assess the operational impact to avoid unintended disruption. Understanding impact precedes planning, budgeting, or scanning.
A vulnerability scan assesses security weaknesses in the system but does not address the operational consequences of enabling the audit feature itself.
Determining the impact of enabling auditing is the critical first step because audit logging can significantly affect system performance, disk I/O, storage consumption, and application behavior on a live banking system. Without understanding this impact, the organization risks degrading services that process sensitive loan data. All subsequent steps - cost analysis, staffing, and vulnerability scanning - depend on this impact assessment.
A cost/benefit analysis is a valid step but comes after the impact has been determined - you cannot perform a meaningful cost analysis without first knowing the impact.
Allocating staffing funds is a downstream planning activity that occurs after the decision to enable auditing has been made and its impact understood.
Concept tested: Audit logging impact assessment before implementation
Source: https://csrc.nist.gov/publications/detail/sp/800-92/final
Topics
Community Discussion
No community discussion yet for this question.