ExamGecko
Question 638 - CISA discussion


Which of the following is the PRIMARY purpose of obtaining a baseline image during an operating system audit?

A. To identify atypical running processes
B. To verify antivirus definitions
C. To identify local administrator account access
D. To verify the integrity of operating system backups

Suggested answer: A

Explanation:

The primary purpose of obtaining a baseline image during an operating system audit is to identify atypical running processes. A baseline image is a snapshot of the normal state and configuration of an operating system, including the processes that are expected to run on it. By comparing the current state of the operating system with the baseline image, an IS auditor can detect any deviations or anomalies that may indicate unauthorized or malicious activity, such as malware infection, privilege escalation, or data exfiltration. A baseline image can also help an IS auditor to assess the performance and efficiency of the operating system, as well as its compliance with security standards and policies.

Verifying antivirus definitions (option B) is not the primary purpose of obtaining a baseline image, although it may be a part of the baseline configuration. Antivirus definitions are the files that contain the signatures and rules for detecting and removing malware. An IS auditor may verify that the antivirus definitions are up to date and consistent across the operating system, but this does not require obtaining a baseline image.

Identifying local administrator account access (option C) is not the primary purpose of obtaining a baseline image, although it may be a part of the baseline configuration. Local administrator accounts are user accounts that have full control over the operating system and its resources. An IS auditor may identify and review the local administrator accounts to ensure that they are properly secured and authorized, but this does not require obtaining a baseline image.

Verifying the integrity of operating system backups (option D) is not the primary purpose of obtaining a baseline image, although it may be a part of the backup process. Operating system backups are copies of the operating system data and settings that can be used to restore the system in case of failure or disaster. An IS auditor may verify that the operating system backups are complete, accurate, and accessible, but this does not require obtaining a baseline image.

asked 18/09/2024
Pablo Magallanes