CompTIA Security+ (SY0-601) — Question 719

Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?

Answer options

• A. Set up hashing on the source log file servers that complies with local regulatory requirements.
• B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.
• C. Write protect the aggregated log files and move them to an isolated server with limited access.
• D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.

Correct answer: A

Explanation

The correct answer is A because hashing helps verify that the log files have not been altered, which is crucial for maintaining their integrity. Options B, C, and D focus on backup and access control, which are important but do not directly address the integrity of the logs through hashing.