CISA Certified Information Systems Auditor – Question3039

An IS auditor examining the configuration of an operating system to verify the controls should review the:

A.
transaction logs.
B. authorization tables.
C. parameter settings.
D. routing tables.

Correct Answer: C

Explanation:

Explanation:
Parameters allow a standard piece of software to be customized for diverse environments and are important in determining how a system runs. The parameter settings should be appropriate to an organization’s workload and control environment, improper implementation and/or monitoring of operating systems can result in undetected errors and corruption of the data being processed, as well as lead to unauthorized access and inaccurate logging of system usage. Transaction logs are used to analyze transactions in master and/or transaction files. Authorization tables are used to verify implementation of logical access controls and will not be of much help when reviewing control features of an operating system. Routing tables do not contain information about the operating system and, therefore, provide no information to aid in the evaluation of controls.