CISA Certified Information Systems Auditor – Question2457 - CISA Certified Information Systems Auditor

Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource?

A. Systems logs
B. Access control lists (ACL)
C. Application logs
D. Error logs

Correct Answer: B

Explanation:

Explanation:
IS auditors should review access-control lists (ACL) to determine user permissions that have been granted for a particular resource.