Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 82

While investigating a compromised Web server, an auditor found that the Web server logs had been deleted. The auditor should recommend that the Web server logs be:

Answer options

• A. Generated and maintained on a separate secure server.
• B. Accessible by administrative users only
• C. Encrypted to ensure that the logs cannot be deleted.
• D. Restored automatically to the Web server from backup files.

Correct answer: A

Explanation

The correct answer is A because generating and maintaining logs on a separate secure server helps protect them from tampering or deletion on the compromised server. Option B restricts access but does not prevent log deletion, C suggests encryption which does not stop deletion, and D assumes backups exist but does not address the root issue of log protection.