Log analysis is the correct answer here. The video was moved in their on premises internal environment. The only way to find out how/when the video was leaked is to review log entries. It could not possible be right to audit here because there is no 3rd party or any contract in the scenario.

The wordings of this question is terrible. what cause are they looking for? very confusing indeed.

Clearly E. The company is allowed to find the cause of data breach on the vender side according to right-to-audit clause.

D. A log analysis

The option that would most likely allow the company to find the cause of the sensitive videos being uploaded and shared to the Internet is: D. A log analysis. Log analysis involves reviewing and analyzing various logs generated by systems, applications, and network devices to identify events and activities that may have contributed to the unauthorized upload and sharing of sensitive videos. By examining logs such as web server logs, file transfer logs, access logs, and authentication logs, the company can trace the actions taken by users or systems involved in the incident. This can help identify the source of the unauthorized activity, such as unauthorized access or misuse of credentials, allowing the company to take appropriate remedial actions and prevent similar incidents in the future.

A log analysis can provide detailed information about who accessed the videos, when they were accessed, and what actions were taken. This could potentially reveal if there was unauthorized access or if a specific user account was responsible for the upload and sharing of the videos.

right to audit clause to me