Explanation:
Trend/Variance Detection tool are used to look for anomalies in user or system behavior. For example, if a user typically logs in at 9:00 am, but one day suddenly access the system at 4:30 am, this may indicate a security problem that may need to be investigated.
Other types of audit trail analysis tools should also be known for your CISA exam
The following were incorrect answers:
Audit Reduction tool – They are preprocessor designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tool can remove many audit records known to have little security significance.
Attack-signature detection tool – They look for an attack signature, which is a specific sequence of events indicative of an unauthorized access attempt. A simple example would be repeated failed logon attempts.
Heuristic detection tool – Heuristic analysis is an expert based analysis that determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods. MultiCriteria analysis (MCA) is one of the means of weighing.
This method differs with statistical analysis, which bases itself on the available data/statistics.
Reference:
CISA review manual 2014 Page number 336 and http://en.wikipedia.org/wiki/Heuristic_analysis