Exam CISSP topic 1 question 165 discussion

I think that it is D: Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data (applies to files only). You are no interested in the application delete previous logs.

D Append-only ledger tables allow only INSERT operations on your tables, which ensure that privileged users such as database administrators can't alter data through traditional Data Manipulation Language operations.

D How to Prevent Developers should implement some or all the following controls, depending on the risk of the application: Ensure all login, access control, and server-side input validation failures can be logged with sufficient user context to identify suspicious or malicious accounts and held for enough time to allow delayed forensic analysis. Ensure that logs are generated in a format that log management solutions can easily consume. Ensure log data is encoded correctly to prevent injections or attacks on the logging or monitoring systems. Ensure high-value transactions have an audit trail with integrity controls to prevent tampering or deletion, such as append-only database tables or similar.

Yes, there is a file permission that allows users to append to a file, which is write permission (w). Write permission allows users to modify or change the contents of a file, including using the redirect or append operators (>) or (>>) in the shell to change the file's contents. Without write permission, users are not allowed to change the file's contents. https://www.redhat.com/sysadmin/linux-file-permissions-explained#:~:text=duplicate%20of%20it.-,Write%20(w),file's%20contents%20are%20not%20permitted.

It is D, because O_APPEND is a permission. Whenever you open a file, you can set the permission to O_APPEND and the application can not delete the file, APPEND only. On OS you have permissions for O_APPEND via SELinux or NTFS ACL on Windows with APPEND only. What you want is, that nobody can delete the logs.

Answer is C, there is no "Append" permission.

read write execute.. these are PERMISSIONS. append isnt a permission.. read write execute 3x.. 777.. right? what is the number for append? Answer is C.

I'm not sure if this question is accurate but I think what they're getting at is D because best practice is to set your log files to Append rather than overwrite previous entries in their log files. The first 3 are irrelevant.

It needs to write file

The following are the common types of rights that can be assigned to log files: Read: This permission allows users or processes to view the contents of the log file. Reading from log files is essential for monitoring system activity, troubleshooting issues, and analyzing historical data. Write: This permission allows users or processes to modify or append to the contents of the log file. Writing to log files is necessary for recording new events, updating log entries, or adding additional information. Execute: In some cases, log files may have execute permissions, allowing them to be executed as scripts or programs. However, this is less common for log files and is typically reserved for executable files.

C - I've found no evidence that "append" is actually a file system permissions option. Write would be the right option here. The ability to delete/modify data is included in that, however, if Append isn't a valid option, write is the only option left. If anyone has direct evidence of append being a permission option, I'd like to learn, please share it. Windows has the "create folder / append data" option, though my testing doesn't show it does what I would assume it can do.

D. Append To ensure secure logging of all user activity, the developer should assign the "Append" permission to the log file. This permission allows new log entries to be added to the existing log file without overwriting or deleting the previous entries, ensuring that a complete record of user activity is maintained. It prevents users from modifying or deleting log entries, which is essential for maintaining the integrity of the log file for security and auditing purposes.

There is the append permission in Windows and in many cloud storage types, see https://en.wikipedia.org/wiki/Append-only

This permission allows writing or modifying the contents of the file, making it essential for the application to log user activity securely.

I am a Linux admin and there is no "append" in Linux. The developer doesn't assign permissions; sysadmins do. The app would need write permission but for everyone else it should be probably no access or just read.

The BEST permission the developer should assign to the log file to ensure secure logging of all user activity is the "Append" permission. The "Append" permission allows new data to be added to the end of a file without overwriting or modifying any existing data in the file. This is important for secure logging of user activity because it ensures that the log file cannot be tampered with or modified by anyone, including the application itself. If the log file had the "Write" permission, then it would be possible for someone or something to modify or overwrite existing log data, which could compromise the integrity and security of the log file. The "Read" permission is not relevant for this use case since it only allows someone to view the contents of the file. The "Execute" permission is also not relevant since it only applies to executable files, which the log file is not. Therefore, the "Append" permission is the BEST permission to ensure secure logging of all user activity.

Append is stricter than write