To protect auditable information, transaction log files must be configured to only allow read access. Transaction log files are files that record and store the details or the history of the transactions or the activities that occur within a system or a database, such as the date, the time, the user, the action, or the outcome. Transaction log files are important for auditing purposes, as they can provide the evidence or the proof of the transactions or the activities that occur within a system or a database, and they can also support the recovery or the restoration of the system or the database in case of a failure or a corruption. To protect auditable information, transaction log files must be configured to only allow read access, which means that only authorized users or devices can view or access the transaction log files, but they cannot modify, delete, or overwrite the transaction log files. This can prevent or reduce the risk of tampering, alteration, or destruction of the auditable information, and it can also ensure the integrity, the accuracy, or the reliability of the auditable information.
A. Logging configurations are not the files that must be configured to only allow read access to protect auditable information, but rather the settings or the parameters that determine or control how the logging or the recording of the transactions or the activities within a system or a database is performed, such as the frequency, the format, the location, or the retention of the log files. Logging configurations can affect the quality or the quantity of the auditable information, but they are not the auditable information themselves.
C. User account configurations are not the files that must be configured to only allow read access to protect auditable information, but rather the settings or the parameters that define or manage the user accounts or the identities of the users or the devices that access or use a system or a database, such as the username, the password, the role, or the permissions. User account configurations can affect the security or the access of the system or the database, but they are not the auditable information themselves.
D. Access control lists (ACL) are not the files that must be configured to only allow read access to protect auditable information, but rather the data structures or the files that store and manage the access control rules or policies for a system or a resource, such as a file, a folder, or a network. An ACL specifies the permissions or the privileges that the users or the devices have or do not have for the system or the resource, such as read, write, execute, or delete. ACLs can affect the security or the access of the system or the resource, but they are not the auditable information themselves.
References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, page 197; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7, page 354
