CompTIA Security+ (SY0-501) — Question 779

A security administrator has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups' actions. Several recent outages have not been able to be traced to any user. Which of the following should the security administrator recommend to preserve future audit log integrity?

Answer options

• A. Enforcing stricter onboarding workflow policies
• B. Applying least privilege to user group membership
• C. Following standard naming conventions for audit group users
• D. Restricting audit group membership to service accounts

Correct answer: C

Explanation

The correct answer, C, is important because consistent naming conventions help quickly identify users and their roles, making audits more efficient and clear. Options A and B, while beneficial for general security, do not directly address audit log integrity. Option D restricts access, but may hinder the ability to track legitimate user actions if service accounts are overused.