A company is implementing a new SIEM. Which THREE factors are most important to ensure log integrity and usefulness for forensic investigations? (Choose THREE.)
Write-once storage ensures logs cannot be altered after creation.
Why this answer
Write-once storage (e.g., WORM drives or append-only storage systems) prevents modification or deletion of log data after it is written. This immutability is critical for forensic investigations because it ensures that logs cannot be tampered with by an attacker or an insider, preserving the original evidence exactly as it was recorded.
Exam trap
The trap here is that candidates often confuse operational convenience (centralized aggregation) with security controls (integrity and authenticity), leading them to select Option E instead of recognizing that integrity requires write-once or cryptographic protections.