An administrator is centralizing logs from multiple departments to a shared platform where tamper protection and classification are required. Which approach best ensures that logs remain intact for investigation and threat responses?
Allow systems to keep data locally without an intermediary and manually merge file snapshots monthly
Distribute logs by converting them into PDFs and storing them individually on separate networks
Use an intermediary that stores and validates logs, then forwards them for consolidation over encrypted channels
Send all messages to a single email server for archiving without additional safeguards
Combining logs in one secure location with robust access controls and encryption helps safeguard their integrity. By directing logs to an intermediary with specialized features, there is consistent oversight, minimal chance of unnoticed manipulation, and streamlined detection. Relying on PDFs, emails, or scattered local storage introduces potential changes and gaps in coverage.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the role of an intermediary in log management?
Open an interactive chat with Bash
Why is encryption important when transmitting logs?
Open an interactive chat with Bash
What are the risks of not using centralized logging systems?