Exam CISSP topic 1 question 2 discussion

Actual exam question from ISC's CISSP
Question #: 2
Topic #: 1

When assessing the audit capability of an application, which of the following activities is MOST important?

  • A. Identify procedures to investigate suspicious activity.
  • B. Determine if audit records contain sufficient information.
  • C. Verify if sufficient storage is allocated for audit records.
  • D. Review security plan for actions to be taken in the event of audit failure.
Suggested Answer: C

Comments

zo24
Highly Voted 8 months, 3 weeks ago
To me it's B. The most important is the scope of the audit, the value it brings, and whether it is sufficient for what the organization needs in order to call or even perform an actual audit. The requirement of disk size we can adjust as needed; it can only be used to support the content of the information that the application can gather.
upvoted 29 times
...
aape1
Highly Voted 9 months, 3 weeks ago
Selected Answer: C
C, the keyword is "Capabilities". Remember the CIA, this question is about availability, not integrity. It would have been B if it was about the accuracy of the application.
upvoted 7 times
...
farzadarda
Most Recent 1 week, 4 days ago
I am having a hard time understanding this question. How is the MOST important thing to verify storage? https://www.reddit.com/user/cisspdumps/ There are several reasons to do a security audit. They include these six goals: Identify security problems and gaps, as well as system weaknesses. Establish a security baseline that future audits can be compared with. Comply with internal organization security policies. Comply with external regulatory requirements. Determine if security training is adequate. Identify unnecessary resources.
upvoted 1 times
...
Ramye
1 month ago
Selected Answer: B
The question is asking: does the application have audit capability? And that is to make sure the application audit logs contain sufficient information.
upvoted 1 times
...
pigon
2 months, 2 weeks ago
Though both are important, if I can only choose 1 option, then B is more important. Cos if audit records do not contain sufficient information, then no matter how much storage is allocated, it is also no use. Hence B is more correct.
upvoted 3 times
...
ap0ls
3 months, 2 weeks ago
Not applicable now. None of these questions came up during my exam last Tuesday (April 2, 2024). Use the questions as a guide in learning but don't depend on these coming up in the exam.
upvoted 1 times
f270069
3 weeks ago
none of the 500?
upvoted 1 times
...
...
3008
4 months ago
B is answer
upvoted 1 times
...
AZSID
4 months, 2 weeks ago
B is the correct option here as sufficient and valuable evidence / traces is the most focal point in Audit activities for Critical Applications.
upvoted 1 times
...
Kyanka
4 months, 3 weeks ago
Selected Answer: B
B is correct. The Audit records need to be sufficient. Audit storage is not the responsibility of the application.
upvoted 1 times
...
SKainth
5 months, 1 week ago
Selected Answer: B
Because the primary purpose of an audit is to provide a RECORD OF ACTIVITIES that can be used to identify and investigate suspicious or inappropriate activities. If the audit records do not contain sufficient information, it would be difficult to achieve this goal.
upvoted 1 times
...
TashT13
5 months, 3 weeks ago
B makes the most sense. All others are irrelevant if the audit does not contain sufficient data.
upvoted 1 times
...
JoeandHeidi
11 months, 1 week ago
So is B or C the correct answer? I would say B if I was sitting for the test. But with this picking C as the correct answer, it's causing unwanted doubt.
upvoted 2 times
...
wingcheuk
1 year ago
I will pick B for the answer. In domain 7, it says some audit examples include inspection audits, access review audits, user entitlement audits, etc. The required information for each type of audit may be different. The information is not ONLY referred to the audit log of an application. The audit record could be the company rules or even a physical log sheet paper of the data center. So sufficient information is most important. Answer C may be the second best but it is limited to the digital audit logs.
upvoted 3 times
...
vorozco
1 year, 1 month ago
Meant to say I'm going with B. So my previous comment should read as... Going with B. The textbook focuses on auditing capabilities requiring sufficient information. CISSP AIO Exam Guide: Ninth Edition pg. 741-743
upvoted 2 times
Ramye
1 month ago
How is it C when capabilities focuses on requiring sufficient information?
upvoted 1 times
...
...
CPT_Pepper
1 year, 1 month ago
The question is asking specifically about the audit capability of the APPLICATION, as opposed to the effectiveness of an audit record. You cannot consider the content of the audit log if the application cannot capture and STORE logs FIRST. Of course audit log content will drive size allocation but the question was asking about the APPLICATION.
upvoted 1 times
dumdada
1 year, 1 month ago
C doesn't imply the app can't store ANY log. Moreover, what's the point of having plenty of audit log storage space if the logs themselves don't have anything of value? B is obviously the right answer. You can have terabytes of audit log space but if they only capture useless crap the audit capabilities are crap as well. BBBB.
upvoted 2 times
...
...
KelvinYau
1 year, 1 month ago
Selected Answer: B
B 100%, sufficient information is most important.
upvoted 2 times
...
jackdryan
1 year, 3 months ago
B is correct.
upvoted 2 times
...