CompTIA Cloud+ Practice Test

What is most likely the reason the development team is not receiving audit logs after the syslog forwarder configuration change?

• A. The development team is not looking at the correct server when querying for the logs.
• B. The security team has greater permissions than the development team.
• C. The audit logging service has been disabled on the server.
• D. The development team's syslog server is configured to listen on the wrong port.

The correct answer is: The security team has greater permissions than the development team.

The selection of the option indicating that the security team has greater permissions than the development team suggests a scenario where permission levels affect access to resources. In environments with strict access controls, it's possible that certain logs, particularly audit logs, are only accessible to users or teams with higher permission levels, such as those held by the security team. If the development team lacks the necessary permissions to read or query the syslog where the audit logs are sent, they would not receive the logs despite the system functioning correctly. This aspect highlights the importance of understanding role-based access control in IT environments. Each team can have varying levels of access defined by their roles, ensuring sensitive information, such as audit logs, remains secure. In contrast, while the other options may seem reasonable at first glance, they don't directly address permission conflicts that could lead to the development team's inability to access the logs. Incorrect server queries, service status, or misconfigured ports could potentially cause issues, but none of these factors highlight the permission-related limitations presented in this scenario. Therefore, focusing on the permissions aspect provides a clearer understanding of why the development team is not receiving audit logs.