Which is the correct order of steps in the logging lifecycle?


Multiple Choice


Explanation:

The key idea is to secure the log data in a central place before you analyze it, so you can trust the results and meet compliance needs. You start by collecting logs from all sources, then transmitting them to a central store so everything is in one place for correlation and monitoring. Once the logs are in the central repository, you store them in a tamper-evident way (for example, using immutable or append-only storage, checksums, or digital signatures) to prove they haven’t been altered after collection. Only after the integrity of the data is protected do you run analysis to look for alerts. After analysis, you apply retention policies to keep data for the required period, and delete it when the retention ends to minimize risk and storage use.

This order makes sense because analysis relies on trustworthy data; tamper-evident storage provides that trust before any analysis takes place. Transmitting or collecting out of order would risk incomplete visibility or untrustworthy results, and performing analysis before confirming data integrity undermines the purpose of securing the evidence.
