As the lead security analyst at a financial institution, you have been tasked with evaluating the effectiveness of the implemented security controls. During the audit, you need to verify that access control policies are correctly enforced and that there are no deviations from the standard configurations across all servers. Which of the following audit practices would be the MOST effective for this purpose?
A configuration audit specifically assesses configurations against established security baselines and policies, ensuring that systems are compliant with the required security settings. This would detect deviations in access control policies and configurations from the standard across servers. A performance audit, while it assesses the efficiency and effectiveness of an organization's processes, would not focus solely on security settings and policies. A financial audit is concerned with the financial accounts and transactions of an organization, and while an operational audit evaluates the operational aspects of an organization, it does not concentrate on access control policies and system configurations to the extent necessary for the given task.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.