To answer this question, we need to understand what log tampering is and what countermeasures can be used to prevent it.
Log tampering refers to the unauthorized modification or alteration of log files, which can be done to conceal or manipulate information. Countermeasures for log tampering aim to protect the integrity and authenticity of log files.
Let's go through each option to understand why it is a countermeasure or not:
A. Digitally signed and stamped logs - This option is a countermeasure for log tampering. Digitally signing and stamping logs ensures that the logs are authentic and have not been tampered with. Any modification to the logs will invalidate the digital signature or stamp.
B. Log file Read/write privilege is controlled by System administrator - This option is not a countermeasure for log tampering. Controlling read/write privileges for log files is important for access control, but it does not directly prevent log tampering. Even with controlled privileges, a malicious user with the appropriate access rights can still tamper with the log files.
C. Separate logs for system events - This option is a countermeasure for log tampering. Using separate logs for system events can help isolate and protect critical log information. If a malicious user tries to tamper with one set of logs, it will not affect the integrity of the other set of logs.
D. Transaction log for all application events - This option is a countermeasure for log tampering. Maintaining a transaction log for all application events allows for the tracking and verification of actions performed within the application. If log tampering occurs, it can be detected by comparing the transaction log with the actual log files.
The correct answer is B. Log file Read/write privilege is controlled by System administrator. This option is not a countermeasure for log tampering as it focuses on access control rather than directly preventing log tampering.