What describes tamper-evident logging?

Multiple Choice

What describes tamper-evident logging?

Explanation:
Tamper-evident logging focuses on making it possible to detect any change to logs after they’re written. The strongest description involves protecting logs from modification by design, using an append-only storage model so new entries can be added but not overwritten, hash chaining so each entry includes a cryptographic link to the previous one, and secure timestamps to prove when each event occurred. Together, these mechanisms create a traceable, auditable record where any alteration breaks the chain or reveals tampering, making it readily detectable.

This approach provides integrity and accountability: if someone tries to alter an earlier entry, the hash chain won’t align, and the timestamping helps confirm that the sequence of events remains authentic. In contrast, storing logs in plaintext without security controls offers no protection against tampering, as someone could modify or delete data without triggering any checks. Rotating logs without integrity checks can conceal tampering if the rotation process isn’t itself protected or verifiable. Deleting logs after a set period removes evidence and breaks the ability to perform a complete audit.
