What is the primary reason we use a specific server for storing logs with limited admin access?
A: To have logs available for analysis.
B: To ensure the logs' integrity.
C: For the SIEM to be able to access them.
D: For redundancy.
CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests
B: We want to ensure our central log repository is not tampered with by staff or attackers. While it can also provide redundancy, that is not the main reason. The SIEM can access logs wherever they may be.
IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.