CISA Question #119: Real Exam Question with Answer & Explanation

Question

An IS auditor has been asked to review an event log aggregation system to ensure risk management practices have been applied. Which of the following should be of MOST concern to the auditor?

Options

• ACompleteness testing has not been performed on the log data.
• BLog feeds are uploaded via batch process.
• CThe log data is not normalized.
• DData encryption standards have not been considered.

Explanation

The auditor's primary concern with an event log aggregation system should be the lack of completeness testing on log data, as this directly impacts the reliability and usability of the logs for risk management.

Common mistakes.

• B. While real-time log ingestion is often preferred, uploading log feeds via batch process is not inherently a 'most concerning' risk, as long as the batch frequency meets operational and security requirements.
• C. Log data not being normalized can make analysis more difficult, but it doesn't fundamentally compromise the presence of the data itself, which is what completeness ensures.
• D. While data encryption standards are important for protecting log data in transit and at rest, the absence of completeness testing represents a more fundamental flaw, as the data itself might not even be there to protect.

Concept tested. Log management integrity and reliability

Reference. https://www.isaca.org/resources/isaca-journal/issues/2019/volume-5/leveraging-log-data-for-audit-and-risk-management

No community discussion yet for this question.