What condition should apply to new data added to logs when monitoring integrity?



Explanation:
The key idea is to preserve log integrity by distinguishing normal operation from tampering. New data being added to logs is expected as the system runs, so append-only growth alone should not trigger an alert. Alerts should fire only when the log file itself is altered in an unauthorized way, such as existing entries being modified or removed or the log being truncated, which indicates potential tampering. In practice, you monitor for integrity violations (changes to the log file's content, not its normal expansion) and use protections like strict write permissions, append-only storage, and cryptographic verification to confirm that the prior data remains intact while new entries are legitimately added.

