Valid CAS-005 Dumps shared by ExamDiscuss.com for Helping Passing CAS-005 Exam! ExamDiscuss.com now offer the newest CAS-005 exam dumps, the ExamDiscuss.com CAS-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the following should the team do to best accomplish this goal?
Correct Answer: C
A central logging server ensures logs are collected in a tamper-proof manner and only ingested (not modified). This prevents attackers from altering logs locally. Key concepts: Logs should be centrally stored to prevent tampering. Enabling log forwarding to a secure SIEM improves integrity. Other options: A (File monitoring tool) helps detect file changes but doesn't prevent log tampering. B (Changing log solutions) does not inherently improve security. D (Log rotation and encryption) is best practice but does not prevent modification before transmission.