CISA Certified Information Systems Auditor – Question0268

An IS auditor notes that application of super-user activity was not recorded in system logs. What is the auditor’s BEST course of action?

A.
Recommend a least-privilege access model.
B. Investigate the reason for the lack of logging.
C. Report the issue to the audit manager.
D. Recommend activation of super-user activity logging.

Correct Answer: B