How would you configure auditing to identify when an attacker has removed audit records?

A.
Execute the command bsmconv +cnt and reboot.

B.
Audit records already have sequence numbers by default.

C.
auditconfig -setpolicy +cnt should be added to /etc/security/audit_startup.

D.
auditconfig -setpolicy +seq should be added to /etc/security/audit_startup.