An audit log is a record of the activities and events that occur in an information system, such as an
application hosting personal data. An audit log can help to monitor, detect, investigate and prevent
unauthorized or malicious access, use, modification or deletion of personal data. An audit log can also
help to demonstrate compliance with data protection laws and regulations, such as the General Data
Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). An audit log should capture
the following information for each event:
The date and time of the event
The identity of the user or system that performed the event
The type and description of the event
The outcome or result of the event
The personal data that were accessed, used, modified or deleted
The last user who accessed personal data is the most important information to capture in the audit
log, as it can help to identify who is responsible for any data breach or misuse of personal data. It can
also help to verify that only authorized and legitimate users have access to personal data, and that
they follow the data use policy and the principle of least privilege. The last user who accessed
personal data can also help to support data subjects’ rights, such as the right to access, rectify, erase
or restrict their personal data.
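The following Python module is an added example, not part of the original explanation: it writes one JSON line per event with the fields listed above, refuses entries that lack one of them, and answers the "last user who accessed this person's data" question from the log. The field names, event types, record ids and users are assumptions, and the sample log is constructed.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Each entry carries the five items the text lists (when, who, what, outcome, which
# data) plus a data-subject id so "last user who accessed this person's data" is answerable.
REQUIRED = ("timestamp", "actor", "event_type", "description", "outcome", "data_subject", "fields")

def make_event(actor, event_type, description, outcome, data_subject, fields, when):
    """Serialise one audit event as a JSON line; refuse entries with a missing field."""
    entry = {
        "timestamp": when.astimezone(timezone.utc).isoformat(timespec="seconds"),
        "actor": actor,                 # user or system that performed the event
        "event_type": event_type,       # assumed vocabulary: read / update / delete / export
        "description": description,
        "outcome": outcome,             # "success" or "denied"
        "data_subject": data_subject,   # record id of the person whose data was touched
        "fields": list(fields),         # personal-data attributes involved
    }
    missing = [k for k in REQUIRED if entry[k] in (None, "", [])]
    if missing:
        raise ValueError(f"audit entry missing {missing}")
    return json.dumps(entry, sort_keys=True)

def parse_log(lines):
    # A malformed line raises here on purpose: silently skipping it would hide tampering.
    return [json.loads(line) for line in lines if line.strip()]

def last_accessor(lines, data_subject):
    """(timestamp, actor) of the latest successful access to this subject's data, or None."""
    hits = [e for e in parse_log(lines)
            if e["data_subject"] == data_subject and e["outcome"] == "success"]
    if not hits:
        return None
    latest = max(hits, key=lambda e: e["timestamp"])  # ISO 8601 UTC sorts lexically
    return latest["timestamp"], latest["actor"]

def denied_by_actor(lines):
    """Count denied attempts per actor; repeated denials are a review trigger."""
    return Counter(e["actor"] for e in parse_log(lines) if e["outcome"] == "denied")

# Constructed sample log (fictional users and record ids), one JSON line per event.
T = lambda h, m: datetime(2024, 3, 1, h, m, tzinfo=timezone.utc)
SAMPLE_LOG = [
    make_event("alice", "read", "viewed customer profile", "success", "subj-1001", ["name", "email"], T(9, 0)),
    make_event("bob", "update", "changed postal address", "success", "subj-1001", ["address"], T(9, 5)),
    make_event("carol", "read", "viewed customer profile", "denied", "subj-1001", ["name"], T(9, 7)),
    make_event("carol", "export", "bulk export attempt", "denied", "subj-1002", ["name", "email"], T(9, 8)),
]
```

Note that `last_accessor` ignores denied events on purpose: carol is the last actor in the log for subj-1001, but bob is the last user who actually accessed that person's data.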
The other options are less important or irrelevant to capture in the audit log of an application hosting
personal data. Server details of the hosting environment are not related to personal data, and they
can be obtained from other sources, such as network logs or configuration files. Last logins of
privileged users are important to capture in a separate audit log for user account management, but
they do not indicate what personal data were accessed or used by those users. Application error
events are important to capture in a separate audit log for system performance and reliability, but
they do not indicate what personal data were affected by those errors.
Reference:
IS Audit Basics: Auditing Data Privacy, section 4: “Audit logs should be maintained for all systems that process PII.”
Data Protection Audit Manual, section 3.2: “Audit trails should be kept for all processing operations involving personal data.”
Audit Logging Best Practices, section 2: “An audit log entry should contain enough information to answer who did what and when.”