312-50V12 Question #266: Real Exam Question with Answer & Explanation

Question

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Options

• APerform a vulnerability scan of the system.
• BDetermine the impact of enabling the audit feature.
• CPerform a cost/benefit analysis of the audit feature.
• DAllocate funds for staffing of audit log review.

Explanation

Before enabling a new auditing feature on a critical system, the initial and most crucial step is to understand and assess its potential impact on system performance and operations.

Common mistakes.

• A. A vulnerability scan identifies security weaknesses within the system but does not address the operational or performance impact of enabling a new feature like auditing, which is a different concern.
• C. While a cost/benefit analysis is important for business decisions, it typically follows an understanding of the technical impact (which influences costs) and is not the very first technical step before enabling a feature.
• D. Allocating funds for staffing to review audit logs is a crucial step for the ongoing operation of the auditing process, but it is not the immediate first step before technically enabling the feature and assessing its initial system impact.

Concept tested. System impact assessment for feature implementation

Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-128.pdf

No community discussion yet for this question.