Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
An IT auditor discovers that failed logons to a mission-critcal financial system are automatically logged and retained for a year by the company. What conclusion should the IT auditor make regarding this activity?
An effective preventive control.
A corrective control.
A valid detective control.
Not an adequate control.
A. Generation of an activity log is not a preventive control because it cannot prevent inappropriate access. B. Generation of an activity log is not a detective control because it does not help in detecting inappropriate access unless it is reviewed by appropriate personnel. C. Generation of an activity log is not a control by itself. It is the review of such a log that makes the activity a control (i.e., generation plus review equals control). D. Generation of an activity log is not a corrective control because it does not correct the effect of inappropriate access.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.