PECB Exam ISO-IEC-27001-Lead-Auditor Topic 1 Question 48 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 48
Topic #: 1

To verify conformity to control 8.15 Logging of ISO/IEC 27001 Annex A, the audit team verified a sample of server logs to determine if they can be edited or deleted. Which audit procedure was used?

Suggested Answer: A

The audit procedure used here is 'analysis.' The audit team analyzed server logs to verify if they can be edited or deleted, focusing on evaluating the logs' properties and the controls over their manipulation to ensure they comply with ISO/IEC 27001 requirements.


Contribute your Thoughts:

Viola
2 months ago
If I was an auditor, I'd want to make sure I have a good sample size to draw conclusions. B) Sampling is the way to go.
upvoted 0 times
...
Lizbeth
2 months ago
Haha, I bet the auditors had a blast watching paint dry on those servers. C) Observation is the way to go!
upvoted 0 times
Clorinda
1 month ago
Haha, yeah, watching paint dry on servers sounds like a thrilling time for auditors.
upvoted 0 times
...
Justine
1 month ago
I agree, it's important to make sure they can't be tampered with.
upvoted 0 times
...
Stacey
1 month ago
Observation is definitely the best way to verify those server logs.
upvoted 0 times
...
...
Leeann
2 months ago
I'm not sure, but I think Observation could also be used to verify the server logs.
upvoted 0 times
...
Krissy
2 months ago
I agree with Audrie, Sampling makes sense to verify conformity to control 8.15 Logging.
upvoted 0 times
...
Beth
3 months ago
A) Analysis could work, but I'm not sure it's specific enough to the logging control. B) Sampling makes the most sense to me.
upvoted 0 times
...
Vicky
3 months ago
C) Observation seems like the logical choice here. The audit team would need to actually watch the servers to see if the logs can be edited or deleted.
upvoted 0 times
Dannie
1 month ago
I agree, it's important to physically observe the servers to ensure the logs are secure.
upvoted 0 times
...
Eliseo
1 month ago
Yes, observation is the best way to verify if the logs are tamper-proof.
upvoted 0 times
...
Skye
1 month ago
The audit team would need to actually watch the servers to see if the logs can be edited or deleted.
upvoted 0 times
...
Viola
2 months ago
Observation seems like the logical choice here.
upvoted 0 times
...
Dell
2 months ago
That makes sense, they need to see it in action to verify compliance.
upvoted 0 times
...
Carmela
2 months ago
Yes, the audit team would need to physically watch the servers.
upvoted 0 times
...
Millie
2 months ago
Observation seems like the logical choice here.
upvoted 0 times
...
...
Audrie
3 months ago
I think the audit procedure used was Sampling.
upvoted 0 times
...
Dulce
3 months ago
I think the correct answer is B) Sampling. It's the most effective way to verify a control like logging that applies to a large number of servers.
upvoted 0 times
Loreta
2 months ago
Observation could also be useful, but it may not provide a comprehensive view of the effectiveness of the control.
upvoted 0 times
...
Sharita
2 months ago
It's a practical approach to ensure compliance with control requirements without spending excessive time and resources.
upvoted 0 times
...
Eun
3 months ago
Sampling allows us to check a representative sample of logs without having to go through each one individually.
upvoted 0 times
...
Delsie
3 months ago
I agree, B) Sampling is the best way to verify a control like logging on multiple servers.
upvoted 0 times
...
...
