C/D? Both are issues, but I remember seeing something like this before and D was flagged as the bigger problem. Without standardized formats, you can't do effective correlation or automated analysis. C is annoying for auditors, but with standard formats you can still parse everything. Not 100% though, open to other views.
Q: 9
Which of the following should be of MOST concern to an IS auditor reviewing an organization's operational log management?
Options
Discussion
D. Not B, since logging to immutable files is usually best practice for integrity. Lack of standard formats (D) just breaks correlation and makes audits a nightmare. Seen similar stuff in exam reports.
Standardizing log formats is key or analysis becomes a nightmare. D is much more of a blocker than A or C.
C. Dealing with multiple log files per app seems like it could cause more issues for an auditor trying to follow a complete event trail, even if formats are mostly ok. Not 100% though, happy to hear other takes.
B, not D. I get why lack of standardization (D) is a pain, but if critical events are logged to immutable files (B) and something isn't right with their integrity or access, that could actually be worse. I'm iffy here so maybe missing something obvious.
A is wrong, D. Official guide really stresses standardization for log review, so without it, audit and correlation basically break down.
D, saw something like this on a practice test. Without standardized log formats, correlating events and running any kind of automated analysis is almost impossible. The other issues slow you down but format chaos kills auditing. Pretty sure this is what ISACA looks for, but open to pushback.
I don't think D is as urgent here - C actually stands out more to me. If apps are logging to multiple files, it really complicates centralized monitoring and makes it a hassle for auditors, even more so if you're already dealing with decent format consistency. Maybe I'm missing something but C feels like the real headache.
C tbh. Multiple files makes aggregation a pain, more so than just inconsistent formats imo.
Maybe C, since having events in multiple log files can make monitoring trickier and harder to correlate. Not totally sure though.