ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During a post-incident review, a cloud customer realizes that the security team cannot prove that virtualization-layer audit logs collected during the attack were unchanged after the fact. The new control objective is to ensure log non-repudiation and forensic soundness for all future investigations. Which design change BEST meets this requirement without relying on the underlying hypervisor operator's trustworthiness?
Mirror log traffic using a vTAP and forward it to a SIEM in the same availability zone.
Stream logs to an immutable WORM repository that applies cryptographic hashing and time-stamping at ingestion.
Compress and rotate logs daily before copying them to the same tenant storage bucket.
Enable agentless vulnerability scanning on the hosts that generate the logs.
Non-repudiation of audit information requires that an attacker, including a privileged cloud administrator, cannot alter logs without detection. Writing logs to an immutable, write-once read-many (WORM) target immediately on ingestion and protecting them with cryptographic time-stamps or hash-chaining provides tamper-resistance and verifiability independent of the hypervisor operator. Simply rotating or compressing files does not prevent alteration. Vulnerability scanning examines host configuration, not log integrity. Mirroring log traffic to a SIEM in the same availability zone still relies on mutable storage and the cloud provider's control of that environment, so it cannot guarantee forensic soundness.
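The hash-chaining mentioned in the explanation, as an added example that is not part of the original question: each record is hashed together with its time-stamp and the previous record's hash at ingestion, and verification compares the chain against a head hash kept in a separate write-once location. The function names, the genesis value and the sample records are assumptions made for illustration, and the time-stamps are taken as supplied by the ingestion service.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def _digest(prev_hash, ts, message):
    # Canonical JSON so the same fields always hash to the same bytes.
    body = json.dumps({"prev": prev_hash, "ts": ts, "msg": message},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def ingest(chain, ts, message):
    """Append a record at ingestion time; returns the new chain head."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = {"ts": ts, "msg": message, "prev": prev_hash,
             "hash": _digest(prev_hash, ts, message)}
    chain.append(entry)
    return entry["hash"]

def verify(chain, anchored_head):
    """Return (ok, reason). anchored_head is the head hash kept in a
    separate write-once location outside the log producer's control."""
    prev_hash = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev_hash:
            return False, f"entry {i}: broken link"
        if _digest(e["prev"], e["ts"], e["msg"]) != e["hash"]:
            return False, f"entry {i}: content altered"
        prev_hash = e["hash"]
    if prev_hash != anchored_head:
        return False, "head mismatch: entries removed or appended"
    return True, "ok"

def demo():
    # Constructed sample audit records, not real hypervisor output.
    chain = []
    for ts, msg in [("2024-01-01T00:00:00Z", "vm-17 snapshot created"),
                    ("2024-01-01T00:00:05Z", "vm-17 console opened by admin"),
                    ("2024-01-01T00:00:09Z", "vm-17 snapshot deleted")]:
        head = ingest(chain, ts, msg)
    results = {"intact": verify(chain, head)}
    edited = [dict(e) for e in chain]
    edited[1]["msg"] = "vm-17 health check"  # in-place edit of one record
    results["edited"] = verify(edited, head)
    results["truncated"] = verify(chain[:2], head)  # last record dropped
    return results

if __name__ == "__main__":
    print(demo())
```

Because the head hash is checked as well as each link, a full rewrite of the chain with recomputed hashes still fails verification unless the separately stored head can also be changed.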
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Platform & Infrastructure Security