CISA Certified Information Systems Auditor – Question2648

Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization’s security policy?

A.
Analyzing how the configuration changes are performed
B. Performing penetration testing
C. Analyzing log files
D. Reviewing the rule base

Correct Answer: B