CRISC · Question #569
CRISC Question #569: Real Exam Question with Answer & Explanation
The correct answer is D: Logs are modified before analysis is conducted.. The greatest concern related to monitoring Key Risk Indicators (KRIs) is that logs are modified before analysis, as this compromises the integrity and trustworthiness of the KRI data.
Question
Which of the following is the GREATEST concern related to the monitoring of key risk indicators (KRIs)?
Options
- ALogs are retained for longer than required.
- BLogs are reviewed annually.
- CLogs are stored in a multi-tenant cloud environment.
- DLogs are modified before analysis is conducted.
Explanation
The greatest concern related to monitoring Key Risk Indicators (KRIs) is that logs are modified before analysis, as this compromises the integrity and trustworthiness of the KRI data.
Common mistakes.
- A. Retaining logs longer than required is a concern for data storage costs and privacy, but it doesn't directly compromise the integrity of the KRI data itself if the original data is preserved.
- B. Reviewing logs annually means the KRI monitoring is infrequent, which is a concern for timeliness of risk response, but it does not inherently corrupt the data's integrity like modification does.
- C. Storing logs in a multi-tenant cloud environment introduces specific security and compliance considerations, but a well-managed cloud environment can still ensure log integrity, whereas modification is a direct breach of that integrity.
Concept tested. KRI data integrity for monitoring
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/log-security-monitoring
Topics
Community Discussion
No community discussion yet for this question.