Home MCQs CISA Question #6849
Back to Questions
CISA QUESTION #6849
Question 1
In reviewing database security, an auditor finds that database activity monitoring is implemented but alerts are configured only for failed access attempts, not successful access to sensitive data. What is the PRIMARY monitoring gap?
  • Incomplete alert configuration
  • Successful unauthorized access goes undetected—monitoring only failures misses actual breaches✔️
  • Excessive false positives
  • Alert fatigue
Correct Answer Explanation
Monitoring only failed attempts catches attackers who lack credentials but misses insider threats and compromised accounts that successfully access sensitive data. Successful access to sensitive data—especially unusual patterns—is often more significant than failed attempts. Focusing only on failures provides incomplete security visibility.