Which is a best practice for logging and evidence collection during a pentest?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

Which is a best practice for logging and evidence collection during a pentest?

Explanation:
The key idea here is preserving evidence in a way that keeps it trustworthy and traceable. In a pentest, logs capture what you did, when you did it, and with what tools, so they must be protected from tampering and clearly linked to who performed each action. A tamper-evident chain of custody guarantees that evidence remains in its original state and that every item can be authenticated later. Coupled with thorough documentation of every action taken, this creates a reliable trail that can be reviewed, audited, or even challenged in a legal or contractual context. Implementing this means preserving logs securely, time-stamping events, and using methods to verify integrity, such as checksums or hashes. Store evidence in access-controlled, write-once or append-only media when feasible, and maintain clear records of what was done, why it was done, the tools used, commands executed, outputs observed, and any data touched. This level of discipline ensures findings are credible and reproducible, and that stakeholders can trust the results. Deleting logs would erase the record of what occurred, breaking traceability. Publicly sharing raw logs can expose sensitive information and violate privacy or contractual terms. Not documenting actions eliminates accountability and makes it impossible to reproduce or validate findings.

The key idea here is preserving evidence in a way that keeps it trustworthy and traceable. In a pentest, logs capture what you did, when you did it, and with what tools, so they must be protected from tampering and clearly linked to who performed each action. A tamper-evident chain of custody guarantees that evidence remains in its original state and that every item can be authenticated later. Coupled with thorough documentation of every action taken, this creates a reliable trail that can be reviewed, audited, or even challenged in a legal or contractual context.

Implementing this means preserving logs securely, time-stamping events, and using methods to verify integrity, such as checksums or hashes. Store evidence in access-controlled, write-once or append-only media when feasible, and maintain clear records of what was done, why it was done, the tools used, commands executed, outputs observed, and any data touched. This level of discipline ensures findings are credible and reproducible, and that stakeholders can trust the results.

Deleting logs would erase the record of what occurred, breaking traceability. Publicly sharing raw logs can expose sensitive information and violate privacy or contractual terms. Not documenting actions eliminates accountability and makes it impossible to reproduce or validate findings.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy