CCSP Question #44: Real Exam Question with Answer & Explanation

Question

Log data should be protected ____________.

Options

• AOne level below the sensitivity level of the systems from which it was collected
• BAt least at the same sensitivity level as the systems from which it was collected
• CWith encryption in transit, at rest, and in use
• DAccording to NIST guidelines

Explanation

Log data should be protected at least at the same sensitivity level as the systems from which it was collected to prevent unauthorized access or tampering with critical security information.

Common mistakes.

• A. Protecting log data at a lower sensitivity level than the source systems would make it a weaker link, allowing attackers to potentially access or tamper with logs more easily, undermining security monitoring and incident response.
• C. While encryption in transit, at rest, and in use is an important method of protection, it describes a technical control rather than the sensitivity level requirement for protection, and it might not be universally required for all log data across all sensitivity levels.
• D. 'According to NIST guidelines' is too general; while NIST provides excellent guidance, the most specific and accurate principle among the choices for log data protection sensitivity is comparing it to the source system's sensitivity.

Concept tested. Log data protection sensitivity

Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

No community discussion yet for this question.