nerdexam
(ISC)2

CISSP · Question #1211

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

The correct answer is D. Append. For secure logging, the Append permission is ideal because it allows new log entries to be added without permitting modification or deletion of existing records, preserving log integrity.

Submitted by joshua94· Mar 5, 2026Software Development Security

Question

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

Options

  • ARead
  • BExecute
  • CWrite
  • DAppend

How the community answered

(25 responses)
  • A
    12% (3)
  • C
    4% (1)
  • D
    84% (21)

Why each option

For secure logging, the Append permission is ideal because it allows new log entries to be added without permitting modification or deletion of existing records, preserving log integrity.

ARead

Read permission only allows viewing the file's contents and does not permit writing any log data, making it insufficient for logging user activity.

BExecute

Execute permission allows a file to be run as a program or script and has no relevance to writing or securing log data in a log file.

CWrite

Write permission allows creating, modifying, and overwriting file contents, which is a security risk for logs because it permits existing log entries to be altered or deleted, undermining audit integrity.

DAppendCorrect

The Append permission allows a process to add new data to the end of a log file without granting the ability to read, modify, or delete existing content. This is critical for secure logging because it ensures that previously written log entries cannot be tampered with or erased, maintaining an accurate and trustworthy audit trail of user activity.

Concept tested: File permissions for secure log file integrity

Source: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings

Topics

#File permissions#Log file security#Access control#Data integrity

Community Discussion

No community discussion yet for this question.

Full CISSP Practice