CompTIA CySA+ (CS0-001) — Question 58

A cybersecurity analyst is reviewing Apache logs on a web server and finds that some logs are missing. The analyst has identified that the systems administrator accidentally deleted some log files. Which of the following actions or rules should be implemented to prevent this incident from reoccurring?

Answer options

• A. Personnel training
• B. Separation of duties
• C. Mandatory vacation
• D. Backup server

Correct answer: D

Explanation

Implementing a Backup server is crucial as it ensures that copies of important log files are stored securely and can be restored if deleted. Personnel training, while beneficial, does not directly address the issue of file deletion. Separation of duties and mandatory vacation policies are focused on reducing insider threats and do not specifically prevent the accidental deletion of files.