CISSP Exam - Question 90

shoud be D

For those who are saying "Retention " = retention is something which we define as a date or week or month or year for saving logs or any other kind of data . after the defined period, the data will be overwritten . lets take CCTV data storage as an example. if we are configuring the storage settings for 1 moth , it will only keep 1 month of recent video footage , the old footages will be overwritten . Ans is D

Only log retention exists in CISSP study guide.

A. Log retention Log retention is the practice of keeping log data for a certain period of time. It ensures that old log data is not overwritten, and it can be used for analysis, troubleshooting, and compliance purposes. The retention period can be set according to the organization's needs, and it can be defined as a number of days, weeks, or months.

The correct answer is A The answer that best ensures old log data is not overwritten is log retention, option A. Log retention policies and procedures specifically preserve and archive logs for compliance and analysis needs, preventing them from being purged or overwritten. Syslog may provide centralized logging but does not itself retain old logs. Increasing log file size allows storing more events but does not guarantee retaining old data. While log preservation is close, log retention is the most precise term for maintaining archives of old log data.

D. https://csrc.nist.gov/glossary/term/log_preservation https://csrc.nist.gov/glossary/term/log_retention

Log retention and preservation is more concept. But C is the solution.

i have to go with A. Log retention. Log retention refers to the practice of storing log data for a specified period of time. It ensures that old log data is not overwritten or deleted, allowing for historical analysis, forensic investigations, compliance requirements, and detection of security incidents. By defining and implementing log retention policies, organizations can establish guidelines for how long log data should be retained based on regulatory requirements, business needs, and security considerations. This helps in preserving log data for future reference and maintaining a comprehensive audit trail of system activities. this is why ? Increasing the log file size does not ensure that old log data is not overwritten. It simply allows for a larger storage capacity for log data. However, once the log file reaches its maximum size, new log entries may still overwrite the oldest entries. On the other hand, log retention is a specific practice of preserving log data for a specified period of time, ensuring that it is not overwritten or deleted. This allows for the availability of historical logs for analysis, compliance, and security purposes. Therefore, log retention is the appropriate answer to ensure that old log data is not overwritten.

Answer is D. As already stated, retention has an end date. Preservation can be forever. Implementing a Syslog falls under both log retention and preservation. As a CISO, we don't care whether it's Syslog, Qradar, Splunk, or Slack, as long as it meets the objectives and business requirements.

forgot to choose

It says about log overwritten. SO increasing log file size is correct.

Think like a manager/policy creator: Answer is A.

A is correct

I would go with A

The organization’s policies and procedures should also address the preservation of original logs. Many organizations send copies of network traffic logs to centralized devices, as well as use tools that analyze and interpret network traffic. So D is correct.

From OSG: 16. Gavin is considering altering his organization’s 'log retention' policy to delete logs at the end of each day. What is the most important reason that he should avoid this approach? A. An incident may not be discovered for several days and valuable evidence could be lost.

Log retention prevents to logs to be overwritten. If retention time is to short than preservation will not help because it keeps overwritten and not completer. Other advantage. It is easier and cheaper. A: is my answer