For those who are saying "Retention": retention is something which we define as a date, week, month or year for saving logs or any other kind of data. After the defined period, the data will be overwritten. Let's take CCTV data storage as an example. If we are configuring the storage settings for 1 month, it will only keep 1 month of recent video footage; the old footage will be overwritten. Ans is D
A. B and C are not relevant to ensure old log data is not overwritten. According to NIST, log preservation is defined as "Keeping logs that normally would be discarded, because they contain records of activity of particular interest." Log retention is "Archiving logs on a regular basis as part of standard operational activities." D refers to preserving logs specifically because they may have something of interest, whereas A is the regular practice of keeping and storing old logs.
Log retention prevents logs from being overwritten. If the retention time is too short, then preservation will not help because it keeps being overwritten and is not complete. Other advantage: it is easier and cheaper.
A is my answer
From OSG:
16. Gavin is considering altering his organization’s 'log retention' policy to delete logs at the end of each day. What is the most important reason that he should avoid this approach?
A. An incident may not be discovered for several days and valuable evidence could be lost.
The organization’s policies and procedures should also address the preservation of original logs. Many organizations send copies of network traffic logs to centralized devices, as well as use tools that analyze and interpret network traffic. So D is correct.
The correct answer is A
The answer that best ensures old log data is not overwritten is log retention, option A.
Log retention policies and procedures specifically preserve and archive logs for compliance and analysis needs, preventing them from being purged or overwritten.
Syslog may provide centralized logging but does not itself retain old logs.
Increasing log file size allows storing more events but does not guarantee retaining old data.
While log preservation is close, log retention is the most precise term for maintaining archives of old log data.
DERCHEF2009 (Highly Voted, 2 years, 5 months ago)
jackdryan (1 year, 9 months ago)
Coolwater (Highly Voted, 2 years, 4 months ago)
zehn (Most Recent, 1 month, 2 weeks ago)
imather (1 month, 3 weeks ago)
nuggetbutts (3 months, 2 weeks ago)
Bietchasup (2 months, 4 weeks ago)
somsom (3 months, 3 weeks ago)
deeden (6 months, 3 weeks ago)
MP26 (10 months, 1 week ago)
john_boogieman (11 months ago)
Kyanka (11 months, 3 weeks ago)
Hongjun (11 months, 3 weeks ago)
InclusiveSTEAM (1 year, 4 months ago)
LalithW (1 year, 4 months ago)
georgegeorge125487 (1 year, 6 months ago)
MShaaban (1 year, 6 months ago)
janvandermerwer (1 year, 7 months ago)
Bach1968 (1 year, 7 months ago)