CompTIA Cloud+ (CV0-004) — Question 78
A bank was recently hacked. The bank reviews the logs to see how the attack occurred. The security administrator suspects the logs were manipulated because no traces of the attack can be found in them. Which of the following should have been enabled before the attack occurred?
Answer options
- A. Metrics and alerts
- B. Tracing and aggregation
- C. Dashboard and reporting
- D. Versioning and immutability
Correct answer: D
Explanation
Enabling versioning and immutability ensures that logs cannot be altered after they are created, thus preserving the integrity of the information for forensic analysis. The other options do not provide the same level of protection against log manipulation, as metrics, tracing, dashboards, and reporting do not inherently prevent changes to log data.