Exam CISM topic 1 question 992 discussion

D. is the answer, and A is definetly not.

Come on folks. you don't want admin having rights/access to their own logs. Answer is D

D - prevents tamper of their own files.

User access log files track the actions of all users who access a system, regardless of their privileges. This includes information such as the user's ID, the time of access, the resources accessed, and the actions performed. User access log files are valuable for identifying suspicious activity, auditing system usage, and troubleshooting access-related issues. Administrator log files, on the other hand, focus specifically on the actions performed by users with administrative privileges. This includes activities such as creating or modifying user accounts, configuring system settings, and installing software. Administrator log files are particularly important for maintaining the integrity of the system and investigating security incidents.

The answer is D. Administrator log files. System administrators should have read-only access to administrator log files to prevent them from tampering with or modifying the logs. This is crucial for maintaining the integrity and authenticity of the logs, which are essential for forensic investigations and incident response.

Option Explanation A. User access log files While it's important to maintain the integrity of user access logs, system administrators typically have legitimate reasons to access and modify these logs for administrative purposes. B. Administrator user profiles Restricting system administrators to read-only access for their own user profiles can enhance security, but it's not as critical as restricting access to administrator log files. C. System logging options System administrators typically need full access to configure and manage system logging options. Restricting them to read-only access would hinder their ability to perform their duties effectively.

A. User access log files

User access log files contain sensitive information about who accessed the system, when they accessed it, and what actions they performed. It is crucial to restrict system administrators to read-only access for user access log files to maintain security and prevent unauthorized modifications or deletions of the log data. This helps in maintaining the integrity of the log files and ensures that the records are reliable for security and auditing purposes.