Q: 2
[Governance, Risk, and Compliance (GRC)]
An audit finding reveals that a legacy platform has not retained logs for more than 30 days. The
platform has been segmented due to its interoperability with newer technology. As a
temporary solution, the IT department changed the log retention to 120 days. Which of the following
should the security engineer do to ensure the logs are being properly retained?
Options
Discussion
C. SIEM is purpose-built for aggregating and retaining logs, so it aligns with GRC requirements here. Pretty sure that's what real audits expect. Agree?
C imo, SIEM handles retention and compliance best, but if the legacy system couldn't export logs out at all, none of these would actually fix it. Still, CompTIA's logic leans C I think.
Man, another classic CompTIA SIEM question. C imo, since only a SIEM can really guarantee proper, compliant retention across old and new systems like the audit wants. Scripts and tasks are just workarounds. Disagree?
C, not A. SIEM is what actually guarantees proper retention and auditability here, while A just schedules local saves and misses the compliance point. Happened on similar practice sets.
Yeah, C makes the most sense here. SIEMs are designed to centralize and properly retain logs from all types of systems, even legacy ones, which lines up with compliance needs and audit fixes. Scripts or scheduled tasks like A or D are kind of patchwork and don't hit the "proper retention" part as well. Pretty sure CompTIA wants the SIEM solution for this.
C, saw almost the same thing in my practice set. SIEM is what they want for retention/compliance, but if the log export isn't supported maybe A? Not totally sure but C feels right for CompTIA logic.
C, SIEM is made for compliance and log retention, plus it works with legacy stuff if needed. Official guides and labs both stress centralizing via SIEM for this type of audit fix. Pretty sure that's the CompTIA angle here.
I’d say C, since a SIEM is built for centralized log retention and that matches audit/GRC needs. Scripts like in D can break or miss things, SIEM is more reliable long term. Pretty sure that's what CompTIA wants here. Agree?