Logs should be reviewed often not reports. Reports are generated as needed, logs are aggregated on the fly.

B. Access logs

Could you kindly clarify from which section of the CISM exam questions are expected? In other words, which question numbers correspond to the current section being addressed? I'm seeking assistance from someone who has taken the exam and can provide guidance on this matter.

Access logs are the most frequently reviewed when monitoring the security of a web-based application because they provide valuable real-time information about user activity and potential security threats.

Access logs provide a detailed record of activities related to user access, including login attempts, resource access, and other relevant events. Monitoring access logs is a common practice in web application security to identify any suspicious or unauthorized activities. It helps in detecting potential security incidents, such as unauthorized access attempts, unusual patterns of behavior, or potential exploitation of vulnerabilities. While audit reports (option A) may provide a broader overview of security-related events, access logs are more specific to user interactions with the web application. Access lists (option C) are typically associated with network security and may not be as directly relevant to web application monitoring. Threat metrics (option D) can be important but may not be as frequently reviewed as access logs for day-to-day monitoring.

A. Access logs are the most frequently reviewed when monitoring the security of a web-based application because they provide valuable real-time information about user activity and potential security threats.

what is access list?

B is correct

B is correct

Access Logs are viewed more than the offered answers. Some support from CISM AIO 2nd under Logging