CompTIA Security+ Question F-79

An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation?

A. Testing controls
B. Risk assessment
C. Signed AUP
D. Routine audits

Answer: A

Testing controls come in three types: Technical, Management and Operational. In this question, the CCTV system has not been recording for three months and no one noticed. Improved testing controls (regular testing to verify the CCTV system is recording) would ensure that the CCTV is recording as expected. The CCTV recordings could have aided the investigation into the missing tapes.

Topic 4, Application, Data and Host Security