ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a forensic investigation of an unauthorized database dump, the response team discovers that every application node keeps its audit records in plain-text files on the local disk and developers can alter or delete those files at will. Which control, if it had been implemented, would have most directly preserved accountability for the actions that led to the breach?
Requiring multi-factor authentication for all privileged user accounts
Centralized, write-once log collection stored on a server where only security administrators have append-only rights
Encrypting local audit files with the application's TLS certificate
Scheduling weekly differential backups of the application servers
Accountability relies on the ability to attribute each action to a specific identity and to prove that the recorded evidence has not been altered. Storing logs locally, where the same users who generated the events can modify or erase them, breaks that chain of evidence. A centrally managed, write-once (immutable) logging solution with tightly restricted administrative access protects the integrity and availability of audit records, allowing investigators to trace events back to responsible parties. Encrypting audit files adds confidentiality but does not stop authorized users from deleting or rewriting them. Weekly server backups and multi-factor authentication are valuable practices, yet neither specifically ensures that log evidence remains tamper-proof and attributable throughout the system's life cycle.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is centralized, write-once log collection essential for preserving accountability?
Open an interactive chat with Bash
What does 'append-only rights' mean and how do they prevent log tampering?
Open an interactive chat with Bash
How does encrypting audit logs differ from centralized logging for accountability?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Concepts
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .