Auditing and Monitoring

5 minutes 5 Questions

Auditing and Monitoring are crucial procedures designed to ensure the effectiveness of an organization's security controls and adherence to compliance requirements. Regular audits help identify areas where improvement is necessary and determine whether the organization is following the established …

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

A company has recently suffered a data breach involving sensitive customer information. The auditor suspects a lack of monitoring in the data storage system during the breach. Which of the following solutions is the best option to improve monitoring and prevent future breaches?

Implement a Security Information and Event Management (SIEM) system Ignore minor security alerts Limit the number of users with access to logging data Decrease the frequency of vulnerability scans

Correct Answer: Implement a Security Information and Event Management (SIEM) system

Implementing a SIEM system will improve monitoring by consolidating, analyzing, and providing real-time alerts on security events. This allows for a quicker response to potential threats. The other options will not improve monitoring and might even weaken security posture.

Question 2

A healthcare organization is conducting an audit to ensure that employees are only accessing patient files for legitimate reasons. The auditor notices that an employee accessed 200 patient files in a single day, which is far beyond their normal access pattern. What should the auditor do?

Immediately revoke the employee's access rights Escalate the issue to management for further investigation Warn the employee that their accesses are being monitored Ignore the issue because the employee has proper access permissions

Correct Answer: Escalate the issue to management for further investigation

Escalating the issue to management allows for a proper investigation to determine if the employee's activities were justified or inappropriate. The other options either weaken security, potentially violate privacy, or might be counterproductive.

Question 3

An organization is experiencing an increased number of security incidents due to employees mistakenly clicking on malicious links in phishing emails. The management team is looking for a solution that allows monitoring and enforcing security policies in real-time. Which solution is the most appropriate?

Relocate the email server to an off-site location Implement a Data Loss Prevention (DLP) solution Disable email attachments Train employees not to report phishing attempts

Correct Answer: Implement a Data Loss Prevention (DLP) solution

A DLP solution monitors, detects, and prevents the unauthorized transmission of sensitive data, including real-time enforcement of security policies. Other options either do not address the issue or might negatively impact operations.

🎓 Unlock Premium Access

CISSP + ALL Certifications

Auditing and Monitoring

Guide to Auditing and Monitoring for CISSP

CISSP - Auditing and Monitoring Example Questions

Question 1

Question 2

Question 3

🎓 Unlock Premium Access