to me its B, the most important is the scope of the audit, the value it brings, is it sufficient to what the organization need inorder to call or even perform an actual audit. The requirement of disk size we can adjust as we needed, it can only be used to support the content of the information that the application can gather.

C, the keyword is "Capabilities". Remember the CIA, this question is about availability, not integrity. It would have been B if it was about the accuracy of the application.

Though both are important, but if can only choose 1 option, then B is more important. Cos if audit records do not contain sufficient information, then no matter how much storage alloacted also no use. Hence B is more correct.

I will pick B for answer. In domain 7, it says some audit examples including inspection audits, access review audits, user entitlement audits etc.The required information for each type of audit may different. The information is not ONLY referred to the audit log of an application. The audit record could be the company rules or even a physical log sheet paper of the data center. So sufficient information is most important. Answer C may be the second best but it is limited for the digit audit logs.

So is the B or C the correct answer? I would say B if I was sitting for the test. But with this picking C as the correct answer, it's causing unwanted doubt.

Meant to say I'm going with B. So my previous comment should read as... Going with B. The textbook focuses on auditing capabilities requiring sufficient information. CISSP AIO Exam Guide: Ninth Edition pg. 741-743

B 100%, sufficient information is most important.

B is correct.

I am having a hard time understanding this questions. How is the MOST important thing is to verify storage? https://www.reddit.com/user/cisspdumps/ There are several reasons to do a security audit. They include these six goals: Identify security problems and gaps, as well as system weaknesses. Establish a security baseline that future audits can be compared with. Comply with internal organization security policies. Comply with external regulatory requirements. Determine if security training is adequate. Identify unnecessary resources.

Question is asking, does the application has audit capability? And that is to make sure the application audit logs contain sufficient information.

Not applicable now. None of these questions came up during my exam last Tuesday (April 2, 2024). Use the questions as guide in learning but don't depend that these will come up in the exam

B is answer

B is the correct option here as sufficient and valuable evidence / traces is the most focal point in Audit activities for Critical Applications.

B is correct. The Audit records need to be sufficient. Audit storage is not the responsibility of the application.

Because the primary purpose of an audit is to provide a RECORD OF ACTIVITIES that can be used to identify and investigate suspicious or inappropriate activities. If the audit records do not contain sufficient information, it would be difficult to achieve this goal.

B makes the most sense. All others are irrelevant if audit does nit contains sufficient data

The question is asking specifically about the audit capability of the APPLICATION, as opposed to the effectiveness of an audit record. You cannot consider the content of the audit log if the application cannot capture and STORE logs FIRST. Of course audit log content will drive size allocation but the question was asking about the APPLICATION.