BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

PECB Exam ISO-IEC-27001-Lead-Auditor Topic 1 Question 48 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 48
Topic #: 1
[All ISO-IEC-27001-Lead-Auditor Questions]

To verify conformity to control 8.15 Logging of ISO/IEC 27001 Annex A, the audit team verified a sample of server logs to determine if they can be edited or deleted. Which audit procedure was used?

Show Suggested Answer Hide Answer
Suggested Answer: A

The audit procedure used here is 'analysis.' The audit team analyzed server logs to verify if they can be edited or deleted, focusing on evaluating the logs' properties and the controls over their manipulation to ensure they comply with ISO/IEC 27001 requirements.


by Gilberto at Sep 12, 2024, 10:32 PM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27001-Lead-Auditor Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Viola
1 months ago
If I was an auditor, I'd want to make sure I have a good sample size to draw conclusions. B) Sampling is the way to go.
upvoted 0 times
...
Lizbeth
1 months ago
Haha, I bet the auditors had a blast watching paint dry on those servers. C) Observation is the way to go!
upvoted 0 times
Justine
5 days ago
I agree, it's important to make sure they can't be tampered with.
upvoted 0 times
...
Stacey
11 days ago
Observation is definitely the best way to verify those server logs.
upvoted 0 times
...
...
Leeann
1 months ago
I'm not sure, but I think Observation could also be used to verify the server logs.
upvoted 0 times
...
Krissy
1 months ago
I agree with Audrie, Sampling makes sense to verify conformity to control 8.15 Logging.
upvoted 0 times
...
Beth
1 months ago
A) Analysis could work, but I'm not sure it's specific enough to the logging control. B) Sampling makes the most sense to me.
upvoted 0 times
...
Vicky
1 months ago
C) Observation seems like the logical choice here. The audit team would need to actually watch the servers to see if the logs can be edited or deleted.
upvoted 0 times
Skye
6 days ago
The audit team would need to actually watch the servers to see if the logs can be edited or deleted.
upvoted 0 times
...
Viola
15 days ago
Observation seems like the logical choice here.
upvoted 0 times
...
Dell
25 days ago
That makes sense, they need to see it in action to verify compliance.
upvoted 0 times
...
Carmela
1 months ago
Yes, the audit team would need to physically watch the servers.
upvoted 0 times
...
Millie
1 months ago
Observation seems like the logical choice here.
upvoted 0 times
...
...
Audrie
2 months ago
I think the audit procedure used was Sampling.
upvoted 0 times
...
Dulce
2 months ago
I think the correct answer is B) Sampling. It's the most effective way to verify a control like logging that applies to a large number of servers.
upvoted 0 times
Loreta
1 months ago
Observation could also be useful, but it may not provide a comprehensive view of the effectiveness of the control.
upvoted 0 times
...
Sharita
1 months ago
It's a practical approach to ensure compliance with control requirements without spending excessive time and resources.
upvoted 0 times
...
Eun
2 months ago
Sampling allows us to check a representative sample of logs without having to go through each one individually.
upvoted 0 times
...
Delsie
2 months ago
I agree, B) Sampling is the best way to verify a control like logging on multiple servers.
upvoted 0 times
...
...

Save Cancel