PrepAway - Latest Free Exam Questions & Answers

Which of the following can be used to ensure the integrity of the logs after they are collected?

A company has just deployed a centralized event log storage system. Which of the following can be used
to ensure the integrity of the logs after they are collected?


A. Write-once drives

B. Database encryption

C. Continuous monitoring

D. Role-based access controls

Explanation:
A write-once drive cannot be overwritten once data has been written to it; logs that are written to a
write-once drive therefore retain their integrity.
Incorrect Answers:
B: Database encryption will ensure that the data remains secured until an authorized user makes a valid
request to access a data element. It protects against outside attackers, unauthorized users and invalid
requests, but it is not meant to ensure the integrity of logs after collection.
C: Continuous monitoring means that all users are monitored equally while on the company premises (i.e.
until they depart or disconnect from the network) and that all activities of all types are tracked.
D: The main purpose of role-based access control is to provide access to the systems that a user needs based
on that particular user’s position and function in the organization. It is not meant to maintain the integrity
of logs after their collection.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 252, 294
http://www.google.com/patents/US6879454

