PrepAway - Latest Free Exam Questions & Answers

Which choice below is the BEST description of an audit trail?

A.
Audit trails are used to detect penetration of a computer system and to reveal usage that
identifies misuse.

B.
An audit trail is a device that permits simultaneous data processing of two or more security levels
without risk of compromise.

C.
An audit trail mediates all access to objects within the network by subjects within the network.

D.
Audit trails are used to prevent access to sensitive systems by unauthorized personnel.

Explanation:
An audit trail is a set of records that collectively provide documentary evidence of processing used to
aid in tracing from original transactions forward to related records and reports, and/or backward
from records and reports to their component source transactions. Audit trails may be limited to
specific events or may encompass all of the activities on a system. User audit trails can usually log:

* All commands directly initiated by the user
* All identification and authentication attempts
* Files and resources accessed

It is most useful if options and parameters are also recorded from commands. It
is much more useful to know that a user tried to delete a log file (e.g., to hide unauthorized actions)
than to know the user merely issued the delete command, possibly for a personal data file.

* Answer “An audit trail is a device that permits simultaneous data processing of two or more security levels
without risk of compromise.” is a description of a multilevel device. A multilevel device is a device
that is used in a manner that permits it to process data of two or more security levels simultaneously
without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same
physical medium and in the same form (i.e., machine-readable or human-readable) as the data being
processed.

* Answer “An audit trail mediates all access to objects within the network by subjects
within the network.” refers to a network reference monitor, an access control concept that refers to
an abstract machine that mediates all access to objects within the network by subjects within the
network.

* Answer “Audit trails are used to prevent access to sensitive systems by unauthorized
personnel.” is incorrect, because audit trails are detective, and the answer describes a preventative
process, access control.

Source: NCSC-TG-001 A Guide to Understanding Audit in Trusted Systems
and DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.

