Which measure is commonly used to maintain tamper-evidence in security logs?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Cyber ProKnow AI Test with multiple choice questions, detailed explanations, and tailored study resources. Enhance your skills and confidence to excel in the exam!

Multiple Choice

Which measure is commonly used to maintain tamper-evidence in security logs?

Explanation:
To keep security logs tamper-evident, you need an immutable record plus a way to verify its integrity. Storing logs in append-only storage means new entries can be added, but existing data cannot be altered or erased without leaving a trace. Pairing that with cryptographic hashes—such as hashing each entry or creating a hash chain that links successive logs—lets you detect any modification by recomputing and comparing hashes. This combination provides a verifiable trail: you can prove that the logs were captured as-is and that any tampering would break the hash chain or the append-only sequence. Deleting old logs to save space defeats tamper-evidence because it removes the evidence itself. Keeping logs only in a local file with no integrity protection leaves them vulnerable to alteration without detection. Encrypting logs in transit protects confidentiality during transmission but does not address tampering once the logs are stored or guarantee their integrity.

To keep security logs tamper-evident, you need an immutable record plus a way to verify its integrity. Storing logs in append-only storage means new entries can be added, but existing data cannot be altered or erased without leaving a trace. Pairing that with cryptographic hashes—such as hashing each entry or creating a hash chain that links successive logs—lets you detect any modification by recomputing and comparing hashes. This combination provides a verifiable trail: you can prove that the logs were captured as-is and that any tampering would break the hash chain or the append-only sequence.

Deleting old logs to save space defeats tamper-evidence because it removes the evidence itself. Keeping logs only in a local file with no integrity protection leaves them vulnerable to alteration without detection. Encrypting logs in transit protects confidentiality during transmission but does not address tampering once the logs are stored or guarantee their integrity.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy