CISSP · Question #1211
A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?
The correct answer is D. Append. For secure logging, the Append permission is ideal because it allows new log entries to be added without permitting modification or deletion of existing records, preserving log integrity.
Question
Options
- ARead
- BExecute
- CWrite
- DAppend
How the community answered
(25 responses)- A12% (3)
- C4% (1)
- D84% (21)
Why each option
For secure logging, the Append permission is ideal because it allows new log entries to be added without permitting modification or deletion of existing records, preserving log integrity.
Read permission only allows viewing the file's contents and does not permit writing any log data, making it insufficient for logging user activity.
Execute permission allows a file to be run as a program or script and has no relevance to writing or securing log data in a log file.
Write permission allows creating, modifying, and overwriting file contents, which is a security risk for logs because it permits existing log entries to be altered or deleted, undermining audit integrity.
The Append permission allows a process to add new data to the end of a log file without granting the ability to read, modify, or delete existing content. This is critical for secure logging because it ensures that previously written log entries cannot be tampered with or erased, maintaining an accurate and trustworthy audit trail of user activity.
Concept tested: File permissions for secure log file integrity
Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings
Topics
Community Discussion
No community discussion yet for this question.