CompTIA SecurityX (CAS-005) — Question 285
A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the following should the team do to best accomplish this goal?
Answer options
- A. Integrate a file-monitoring tool with the SIEM.
- B. Change the log solution and integrate it with the existing SIEM.
- C. Implement a central logging server, allowing only log ingestion.
- D. Rotate and back up logs every 24 hours, encrypting the backups.
Correct answer: C
Explanation
Log entries whose time stamps disagree with those on other systems are a sign that log data on the affected host has been altered (or at least that its integrity cannot be trusted). A central logging server that accepts only log ingestion addresses this directly: hosts forward their events to it but cannot read, modify, or delete what has already been sent, so an attacker who compromises an endpoint cannot retroactively change the records, and responders have a single trustworthy source of evidence for audits and investigations. The other options may be useful in some contexts, but none of them provides the same integrity guarantee for log data: a file-monitoring tool (A) only detects changes after the fact, replacing the log solution (B) does not by itself prevent tampering on the source host, and rotating and encrypting backups every 24 hours (D) protects archived copies but leaves the live logs exposed to modification.