To determine which users can gain access to the privileged supervisory state, which of the
following should an IS auditor review?

A.
System access log files

B.
Enabled access control software parameters

C.
Logs of access control violations

D.
System configuration files for control options used

Explanation:

A review of system configuration files for control options used would show which users have
access to the privileged supervisory state. Both systems access log files and logs of access
violations are detective in nature. Access control software is run under the operating system.