Q: 9
Which of the following should be of MOST concern to an IS auditor reviewing an
organization's operational log management?
Options
Discussion
D. Not B, since logging to immutable files is usually best practice for integrity. Lack of standard formats (D) just breaks correlation and makes audits a nightmare. Seen similar stuff in exam reports.
Standardizing log formats is key or analysis becomes a nightmare. D is much more of a blocker than A or C.
Maybe D. Most of the official materials and practice tests stress that non-standard log formats make correlation and automated analysis really hard. If you can't easily correlate logs, incident response gets messy fast. Could be wrong if the focus was storage.
Why does ISACA always slip in questions about log format standardization, like it isn't the most obvious audit headache. D tbh.
B is a bit of a distractor here. Standardization (D) really trips up correlation across environments, so that's more concerning imo.
C. Dealing with multiple log files per app seems like it could cause more issues for an auditor trying to follow a complete event trail, even if formats are mostly ok. Not 100% though, happy to hear other takes.
Wouldn't inconsistent log formats (D) make it almost impossible to correlate events during a security incident investigation?
D imo. If logs aren't standardized, things like event correlation or root cause analysis get messy or nearly impossible. That's a bigger audit risk than file size or logs being split up. Pretty sure exam reports flag D as the highest concern unless the scenario pushes storage/admin angles.
I don't think D is the biggest deal here, I'd say C. Having events logged in multiple log files makes tracking an incident pretty painful. Maybe not the top risk, but that's what jumps out to me first; correct me if I'm off.
C or D. If "MOST concern" means investigation and auditability, then D, but if they're looking from a practical storage/admin angle, C could cause issues too. Not fully sure without more context.
Question 9 of 35