nerdexam
(ISC)2

CISSP · Question #820

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

The correct answer is A. Retention. The policy that should be updated to address the problem of having only six days of audit logs from the last month available while investigating a malicious event is the retention policy. A retention policy is a policy that defines and specifies the duration and conditions for ke

Submitted by fatema_kw· Mar 5, 2026Security Operations

Question

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

Options

  • ARetention
  • BReporting
  • CRecovery
  • DRemediation

How the community answered

(20 responses)
  • A
    90% (18)
  • B
    5% (1)
  • D
    5% (1)

Explanation

The policy that should be updated to address the problem of having only six days of audit logs from the last month available while investigating a malicious event is the retention policy. A retention policy is a policy that defines and specifies the duration and conditions for keeping or storing the records or data of an organization, such as audit logs, backups, or archives. A retention policy should be based on the legal, regulatory, operational, or business requirements of the organization, and should balance the costs and benefits of retaining or disposing the records or data. The problem of having only six days of audit logs from the last month available while investigating a malicious event indicates that the retention policy is inadequate or ineffective, as it does not ensure the availability or accessibility of the audit logs for the investigation purposes. The retention policy should be updated to address this problem by extending or adjusting the retention period or criteria for the audit logs, and by enforcing or monitoring the compliance with the retention policy.

Topics

#log retention#audit logs#incident response policy

Community Discussion

No community discussion yet for this question.

Full CISSP Practice