How should you configure BSM to help you detect whether an attacker has removed audit records?

How should you configure BSM to help you detect whether an attacker has removed audit records?

A.
Audit records already indicate this by default.

B.
You execute the command bsmconv +cnt and reboot.

C.
auditconfig -setpolicy +cnt should be added to /etc/security/audit_startup.

D.
auditconfig -setpolicy +seq should be added to /etc/security/audit_startup.