One of your primary business objectives is being able to trust the data stored in your application. You want to log all changes to the application data. How can you design your logging system to verify authenticity of your logs?
A.
Write the log concurrently in the cloud and on premises
B.
Use a SQL database and limit who can modify the log table
C.
Digitally sign each timestamp and log entry and store the signature
D.
Create a JSON dump of each log entry and store it in Google Cloud Storage
Correct answer is C (verified from Question Bank in Whizlabs.com)
Feedback
C (Correct answer) - Digitally sign each timestamp and log entry and store the signature.
Answer A, B, and D don’t have any added value to verify the authenticity of your logs. Besides, Logs are mostly suitable for exporting to Cloud storage, BigQuery, and PubSub. SQL database is not the best way to be exported to nor store log data.
Simplified Explanation
To verify the authenticity of your logs if they are tampered with or forged, you can use a certain algorithm to generate digest by hashing each timestamp or log entry and then digitally sign the digest with a private key to generate a signature. Anybody with your public key can verify that signature to confirm that it was made with your private key and they can tell if the timestamp or log entry was modified. You can put the signature files into a folder separate from the log files. This separation enables you to enforce granular security policies.
I would recommend option C, digitally signing each timestamp and log entry and storing the signature. Digitally signing a log entry involves creating a cryptographic hash of the log entry and a timestamp, and then encrypting the hash using a private key. The encrypted hash, known as the signature, can be stored along with the log entry in a secure manner. To verify the authenticity of the log entry, you can use the public key associated with the private key used to create the signature to decrypt the signature and recreate the hash. If the recreated hash matches the original hash, it indicates that the log entry has not been tampered with and is authentic.
Writing the log concurrently in the cloud and on premises, would not necessarily help to verify the authenticity of the logs, so A is not an option
B, using a SQL database and limiting who can modify the log table, could help to prevent unauthorized modification of the logs, but it would not necessarily provide a way to verify the authenticity of the logs if they are modified by an authorized user.
Option D, creating a JSON dump of each log entry and storing it in Google Cloud Storage, would not necessarily help to verify the authenticity of the logs.
C – Digitally sign each timestamp and log entry and store the signature.
This is fun Q where all options are technically correct. But, the point is to find most efficient. Since, Q asks about verification of log entry - then you don't need to dub it. Using of much shorter timestamp-hash pair will address the request. So, when reading log from original source, you also read hash for this timestamp and then verify the entry's body.
BTW, this is one of general purpose questions, which is not directly related to GCP. Just checks your attentiveness
A - is about duplication, can work, but redundant;
B / D - both have similar design, but don’t allow verification of entry. No cross-checking of entry. E.g. person having access to log can change it in one place.
C - storing log in one place, and hash-code in another. So, even if "trusted" person has modified original log, then it will break correspondence with hash code in other storage. That storage should be available only for authentication program (via service account).
C (Correct answer) - Digitally sign each timestamp and log entry and store the signature.
Other options are possible to export logs but won't be able to verify authenticity of logs
I'm on the fence between C and D. C is a good practice but D can do the job as well as versioned objects might be able to do job at some level... Now, C tells that only the signature would be stored which is obviously not enough, but the owner of versioned objects might be tampered too... IDK
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
get2dd
Highly Voted 3 years, 4 months agoJoeShmoe
Highly Voted 4 years, 7 months ago666Amitava666
Most Recent 2 months, 1 week agoomermahgoub
1 year, 6 months agoomermahgoub
1 year, 6 months agoAzureDP900
1 year, 8 months agoGMats
2 years, 6 months agovincy2202
2 years, 6 months agojoe2211
2 years, 7 months agoMaxNRG
2 years, 8 months agoNeo_ACE
2 years, 8 months agoWonka
2 years, 5 months agoaviratna
3 years agoAmrit00009
3 years, 1 month agovictory108
3 years, 1 month agoAmber25
3 years, 1 month agoun
3 years, 1 month agomrhege
3 years, 2 months agolynx256
3 years, 3 months agoAusias18
3 years, 3 months ago