What is the recommended method to ensure audit trails cannot be altered?


Multiple Choice

What is the recommended method to ensure audit trails cannot be altered?

Explanation:
Protecting audit trails from modification hinges on verifying that there are strong controls around who can write to logs, where logs are stored, and how they’re protected from tampering. Interviewing system administrators and inspecting configurations and permissions directly assesses whether logs are secured against alteration. It checks that write access is restricted to authorized systems, that logs are sent to a tamper-evident or centralized repository, and that protections such as write-once or integrity checks are in place to maintain a trustworthy trail over time. Relying on archiving alone doesn’t stop someone from altering original logs before archiving; encryption protects confidentiality but not integrity if someone can obtain the keys to modify logs; and logging only during business hours creates gaps and doesn’t prevent manipulation. Therefore, this verification approach best ensures audit trails cannot be altered because it confirms the actual safeguards are implemented and enforced.
