Which statement best describes logging of audit trails for system components?

• A. Logs must enable reconstruction of events including who performed actions on cardholder data.
• B. Logs should be kept forever without review.
• C. Logs are optional for some components.
• D. Initialization of audit logs and stopping or pausing of audit logs.

Answer: (D)

Logging of audit trails for system components focuses on having a reliable, traceable record from the moment a component starts up and ensuring that the logging mechanism is not casually turned off. Initializing audit logs means events are captured as soon as the component is active, so you can reconstruct what happened later. Stopping or pausing audit logs must be tightly controlled and auditable; unapproved pauses would create gaps in evidence and weaken accountability. So this option captures both the need to start logging reliably and the need to manage any interruption to logging in a controlled way. Other choices miss this lifecycle aspect or suggest logs are optional or never reviewed, which conflicts with PCI DSS expectations.