The correct answer is true. When SELinux is set to 'Enforcing' mode, the security policy is enforced and any actions not explicitly allowed by the policy are denied and recorded in the audit log. Setting SELinux to 'Permissive' would only log the actions without denying them, while 'Disabled' turns off SELinux enforcement and logging altogether.