Isaca CISM Exam - Topic 3 Question 60 Discussion

Actual exam question for Isaca's CISM exam
Question #: 60
Topic #: 3

An information security manager has identified that privileged employee access requests to production servers are approved, but user actions are not logged. Which of the following should be the GREATEST concern with this situation?

Suggested Answer: B

The greatest concern when privileged employee access requests to production servers are approved but user actions are not logged is the lack of accountability: the actions and decisions of the privileged users cannot be traced or verified. Lack of accountability can lead to security risks such as unauthorized changes, data breaches, fraud, or misuse of privileges. Logging user actions is a key component of privileged access management (PAM), which helps to monitor, detect, and prevent unauthorized privileged access to critical resources. The other options, such as lack of availability, improper authorization, or inadequate authentication, are not directly related to the situation of not logging user actions.

Reference:

https://www.microsoft.com/en-us/security/business/security-101/what-is-privileged-access-management-pam

https://www.ekransystem.com/en/blog/privileged-user-monitoring-best-practices

https://www.beyondtrust.com/resources/glossary/privileged-access-management-pam


Tasia
3 months ago
I’m not sure, but D seems important too, authentication matters!
upvoted 0 times
...
Micah
3 months ago
Agreed with B, without logs, who’s responsible for actions?
upvoted 0 times
...
Harrison
4 months ago
Surprised that user actions aren't logged at all, that's basic stuff!
upvoted 0 times
...
Leigha
4 months ago
I think C is more concerning, improper authorization can lead to major issues.
upvoted 0 times
...
Clarinda
4 months ago
Definitely B, lack of accountability is a huge risk!
upvoted 0 times
...
Sherell
4 months ago
I’m a bit confused about the options, but I feel like inadequate authentication might not be the main issue here since the requests are approved. Logging seems more critical.
upvoted 0 times
...
Alfred
4 months ago
This question reminds me of a practice exam we did. I think lack of accountability is definitely the biggest concern since it could lead to misuse without any trace.
upvoted 0 times
...
Stephen
5 months ago
I’m not entirely sure, but I think improper authorization might be a concern too. If requests are approved without logging, how do we know they were valid?
upvoted 0 times
...
Shaun
5 months ago
I remember discussing the importance of logging user actions in our last class. It seems like lack of accountability could be a major issue here.
upvoted 0 times
...
Coletta
5 months ago
This looks like a straightforward question on variable costs. I'll need to carefully consider each option and identify the three that are variable.
upvoted 0 times
...
Valentin
5 months ago
This question seems straightforward. I'll focus on identifying the three key benefits of using a JDBC store for transaction logs.
upvoted 0 times
...
Yan
5 months ago
Okay, let me think this through step-by-step. Paging is used to notify the UE of an incoming call or message, so it needs to be a downlink channel that the UE is monitoring. The PDCCH seems like the most likely option here.
upvoted 0 times
...
Denise
5 months ago
Hmm, I'm a bit confused about the different hedging instruments mentioned here. I'll need to carefully review the details on interest rate caps, floors, collars, and swaptions to make sure I understand how to apply them in this situation.
upvoted 0 times
...
