Which of the following is a chronological record of system activities to enable the reconstruction
and examination of the sequence of events and/or changes in an event?
A.
Corrective controls
B.
Audit trail
C.
Security audit
D.
Detective controls
Explanation:
Audit trail or audit log is a chronological sequence of audit records, each of which
contains evidence directly pertaining to and resulting from the execution of a business process or
system function. Audit records typically result from activities such as transactions or
communications by individual people, systems, accounts, or other entities. The process that
creates audit trail should always run in a privileged mode, so it could access and supervise all
actions from all users, and normal user could not stop/change it. Furthermore, for the same
is incorrect. A computer security audit is a manual or systematic measurable technical assessment
of a system or application. Manual assessments include interviewing staff, performing security
vulnerability scans, reviewing application and operating system access controls, and analyzing
physical access to the systems. Automated assessments, or CAAT’s, include system generated
audit reports or using software to monitor and report changes to files and settings on a system.
Systems can include personal computers, servers, mainframes, network routers, and switches.restricted. Any control that performs a monitoring activity can likely be defined as a Detective
Control. For example, it is possible that mistakes, either intentional or unintentional, can be made.
Therefore, an additional Protective control is that these companies must have their financial
results audited by an independent Certified Public Accountant. The role of this accountant is to act
as an auditor. In fact, any auditor acts as a Detective control. If the organization in question has
not properly followed the rules, a diligent auditor should be able to detect the deficiency which
controls typically work in response to a detective control, responding in such a way as to alert or
otherwise correct an unacceptable condition. Using the example of account rules, either the
internal Audit Committee or the SEC itself, based on the report generated by the external auditor,
will take some corrective action. In this way, they are acting as a Corrective or Reactive control.