CISA Question #285: Real Exam Question with Answer & Explanation

The correct answer is B: The operational logs are not using write-once-read-many media. The greatest concern for an IS auditor would be if operational logs are not stored on write-once- read-many (WORM) media. WORM media ensures that logs cannot be tampered with after they are written, preserving their integrity and ensuring they are reliable for investigations, com

Submitted by devops_kid· Apr 18, 2026Information Systems Operations and Business Resilience

Question

Which of the following should be of GREATEST concern to an IS auditor reviewing operational log management at a large organization with a complex IT infrastructure?

Options

ADisk usage statistics are not logged
BThe operational logs are not using write-once-read-many media
CA SIEM system has not been implemented
DRetention periods vary for different types of logs being stored

Explanation

The greatest concern for an IS auditor would be if operational logs are not stored on write-once- read-many (WORM) media. WORM media ensures that logs cannot be tampered with after they are written, preserving their integrity and ensuring they are reliable for investigations, compliance, and audits. This is particularly critical in large organizations with complex IT infrastructures, where log integrity is essential for identifying and addressing security incidents.

Topics

#Log Management#Data Integrity#Audit Evidence#WORM Media

Community Discussion

No community discussion yet for this question.

Full CISA Practice Browse All CISA Questions