CompTIA Security Plus Mock Test Q485

A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?

A. Write-once drives
B. Database encryption
C. Continuous monitoring
D. Role-based access controls

Correct Answer: A
Section: Compliance and Operational Security

A write-once drive means that the disk cannot be overwritten once data is written to the disk; and thus the integrity of the logs, if they are written to a write-once drives will ensure integrity of those logs.

Incorrect Answers:
B: Database encryption will ensure that the data remains secured until an authorized user makes a valid request to access a data element. It protects against outside attackers, unauthorized users and invalid requests, but it is not meant to ensure the integrity of logs after collection.
C: Continuous monitoring means that all users be monitored equally while on the company premises (i.e. that is until they depart or disconnect from the network) and that all activities of all types are tracked.
D: Role-based access control man purpose is to provide access to systems that a user needs based on that particular user’s position and function in the organization. It is not meant to maintain the integrity of logs after its collection.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 252, 294