An IS auditor has been asked to review an event log aggregation system to ensure risk management practices have been applied. Which of the following should be of MOST concern to the auditor?
Correct Answer: B
The IS auditor should be most concerned if completeness testing has not been performed on the log data, as this could indicate that some logs are missing, corrupted, or tampered with, and that the log aggregation system is not reliable or accurate [1][2]. Completeness testing is a process of verifying that all the logs generated by the source systems are successfully collected, transferred, and stored by the log aggregation system, and that there are no gaps or inconsistencies in the log data [3][4]. Completeness testing is essential for ensuring the integrity and validity of the log data, and for supporting the risk management practices of the organization.
References:
1: Log Aggregation: How it Works, Methods, and Tools - Exabeam
2: Log Aggregation & Monitoring Relation in Cybersecurity
3: Log Aggregation: What It Is & How It Works | Datadog
4: Data Flow Testing - GeeksforGeeks
Question 432
Which of the following is an environmental issue caused by electric storms or noisy electric equipment and may also cause a computer system to hang or crash?
Correct Answer: D
Explanation/Reference: Electromagnetic interference (EMI) is caused by electrical storms or noisy electrical equipment. The interference may cause a computer system to hang or crash, as well as damage similar to that caused by sags, spikes and surges.
Because unshielded twisted-pair (UTP) cables do not have shielding like shielded twisted-pair cables, UTP is susceptible to interference from external electrical sources, which could reduce the integrity of the signal. Also, to intercept transmitted data, an intruder can install a tap on the cable or monitor the radiation from the wire. Thus, UTP may not be a good choice when transmitting very sensitive data or when installed in an environment with much electromagnetic interference (EMI) or radio frequency interference (RFI). Despite its drawbacks, UTP is the most common cable type. UTP is inexpensive, can be easily bent during installation, and, in most cases, the risk from the above drawbacks is not enough to justify more expensive cables.
For your exam you should know the following information about power failures:
Total failure (blackout) - A complete loss of electric power, which may span from a single building to an entire geographical area and is often caused by weather conditions or the inability of an electric utility company to meet user demands.
Severely reduced voltage (brownout) - The failure of an electric utility company to supply power within an acceptable range. Such a failure places a strain on electronic equipment and may limit its operational life or even cause permanent damage.
Sags, spikes and surges - Temporary and rapid decreases (sags) or increases (spikes and surges) in voltage levels. These anomalies can cause loss of data, data corruption, network transmission errors or physical damage to hardware devices.
Electromagnetic interference (EMI) - Interference caused by electrical storms or noisy electrical equipment. The interference may cause a computer system to hang or crash, as well as damage similar to that caused by sags, spikes and surges.
The following were incorrect answers:
Sag - A temporary, rapid decrease in voltage.
Total failure (blackout) - A complete loss of electric power, which may span from a single building to an entire geographical area and is often caused by weather conditions or the inability of an electric utility company to meet user demands.
Severely reduced voltage (brownout) - The failure of an electric utility company to supply power within an acceptable range. Such a failure places a strain on electronic equipment and may limit its operational life or even cause permanent damage.
The following reference(s) were used to create this question: CISA review manual 2014, page number 372, and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 6507-6512). Auerbach Publications. Kindle Edition.
Question 433
Overall responsibility for approving logical access rights to information assets should reside with the:
Correct Answer: A
Section: Information System Operations, Maintenance and Support
Question 434
An auditor observes that the time to complete routine backups of operational databases is steadily increasing. Which of the following would MOST effectively help to reduce backup and recovery times for operational databases?
Correct Answer: D
Question 435
Which of the following should an IS auditor expect to find in an organization's information security policies?