Q: 10
Which of the following provides the MOST assurance of the integrity of a firewall log?
Options
Discussion
Had something like this in a mock. C makes sense since log can't be altered, which is the main thing for integrity. Rest are good but not enough to guarantee original data.
Its C, not B. Being read-only prevents tampering, initial or ongoing review isn't enough here.
My vote is C since logs that can't be modified provide the most direct assurance of integrity. Reviewing or restricting access helps, but only immutability really stops tampering. I think that's what the question is looking for, agree?
C imo, because if the log can't be modified, its integrity is preserved regardless of who accesses it or how often it's reviewed. The others are good practices but they don't actually prevent tampering. Pretty sure that's the main point.
Why assume monthly reviews (A) would guarantee integrity if someone could still alter the log?
Honestly, I'm between C and B here. Not sure since authorized access (B) helps, but if the log can't be modified at all (C), that's better for pure integrity. Monthly reviews or retention don't actually stop tampering. C feels right for MOST assurance, but open to counterpoints.
Option C. but only if the logs are truly immutable. If write-once isn't enforced, A could matter more.
C imo, review official guide and practice questions for log integrity scenarios.
Probably C, similar question in the official guide. For integrity, immutability is key so I'd use that as the answer.
Be respectful. No spam.
