nerdexam
ExamsCISSPQuestions#1211
(ISC)2(ISC)2

CISSP · Question #1211

CISSP Question #1211: Real Exam Question with Answer & Explanation

The correct answer is D: Append. For secure logging, the Append permission is ideal because it allows new log entries to be added without permitting modification or deletion of existing records, preserving log integrity.

Submitted by joshua94· Mar 5, 2026Software Development Security

Question

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

Options

  • ARead
  • BExecute
  • CWrite
  • DAppend

Explanation

For secure logging, the Append permission is ideal because it allows new log entries to be added without permitting modification or deletion of existing records, preserving log integrity.

Common mistakes.

  • A. Read permission only allows viewing the file's contents and does not permit writing any log data, making it insufficient for logging user activity.
  • B. Execute permission allows a file to be run as a program or script and has no relevance to writing or securing log data in a log file.
  • C. Write permission allows creating, modifying, and overwriting file contents, which is a security risk for logs because it permits existing log entries to be altered or deleted, undermining audit integrity.

Concept tested. File permissions for secure log file integrity

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings

Topics

#File permissions#Log file security#Access control#Data integrity

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CISSP PracticeBrowse All CISSP Questions