Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource?
A. Systems logs
B. Access control lists (ACL)
C. Application logs
D. Error logs
Explanation:
IS auditors should review access-control lists (ACL) to determine user permissions that have been granted for a particular resource.