Determine the Security Control Effectiveness for Domain Controller Vulnerability Exploitation

Control Assessment for Domain Controller Vulnerability Exploitation


Question

Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment.

The auditor's BEST course of action would be to determine if:

Answers

Explanations


Correct answer: D.

In this scenario, a security breach has occurred due to a well-known vulnerability in the domain controller. As an IS auditor, the best course of action would be to assess the control environment to identify any gaps or weaknesses that may have contributed to the breach. The question is asking for the best action to take in this situation, and the possible answers are:

A. The domain controller was classified for high availability.

B. The network traffic was being monitored.

C. The patches were updated.

D. The logs were monitored.

Option A is not relevant to the situation at hand, as high availability does not directly address the issue of a security breach. High availability is a measure of how well a system can continue to operate in the event of a failure, not how well it can withstand an attack.

Option B is a good option to consider, as network traffic monitoring can help identify any suspicious activity on the network, which may have contributed to the breach. By monitoring network traffic, an IS auditor can identify any anomalies or patterns that may indicate an attack, as well as identify any potential weaknesses in the network infrastructure.

Option C is also a good option, as keeping patches updated is critical to addressing vulnerabilities and reducing the risk of a breach. An IS auditor can assess whether the patches were up to date and identify any areas where updates may have been missed, which may have contributed to the breach.

Option D is also a good option to consider, as monitoring logs can help identify any suspicious activity on the network, as well as identify any potential weaknesses in the system. Logs can provide valuable information about system activity, which can be used to identify any anomalies or patterns that may indicate an attack.

In conclusion, the best course of action for an IS auditor in this scenario would be to assess whether the network traffic was being monitored, whether the patches were updated, and whether the logs were being monitored. These measures can help identify any weaknesses in the control environment and help prevent future breaches.