Which practice improves the integrity of security logs and monitoring through tamper-evident storage?


Multiple Choice

Which practice improves the integrity of security logs and monitoring through tamper-evident storage?

Explanation:

Tamper-evident storage keeps security logs and monitoring data in a way that makes any alteration detectable, preserving the trustworthiness of the logs. This approach often uses append-only or write-once storage, centralized repositories, timestamps, and cryptographic techniques (like hashes and signatures) so that any change to past entries stands out. With this setup, investigators and security teams can verify the integrity of logs, maintain a clear chain of custody, and reliably detect tampering or deletions.

Local storage on individual machines is vulnerable because if a host is compromised, an attacker can modify or delete logs locally without immediate detection. Disabled alerting removes critical signals that could reveal tampering or ongoing breaches, undermining the purpose of monitoring. No retention policy leads to data loss and makes it impossible to prove what happened in the past, defeating both integrity and forensic needs.

So, using tamper-evident storage directly supports the goal of maintaining trustworthy, auditable logs and monitoring data.
