Which guideline applies to logging to ensure security and privacy?


Multiple Choice

Which guideline applies to logging to ensure security and privacy?

Explanation:
Minimize what you store in logs to protect privacy and reduce security risk. The strongest guideline is to avoid logging sensitive data in the first place, because logs often sit in systems that can be accessed or breached. Data that is never written to a log cannot be exposed from it, so secrets, personal data, and payment information stay out of the log entirely.

In practice, you redact, mask, or truncate sensitive fields (such as passwords, tokens, credit card numbers, or user identifiers) or log only non-sensitive metadata such as timestamps, severity, and source. Use structured logs with a fixed set of safe fields, and apply data classification to decide what may or may not be logged. Pair this with access controls, encryption at rest and in transit, and clear retention policies so any data that must be logged is kept only as long as needed.

The other approaches listed don’t address privacy risk. Logging everything regardless of content can reveal secrets and sensitive information. Logging only in production reduces visibility for debugging and monitoring without improving privacy. Structuring logs randomly makes them hard to search and audit, undermining both security and troubleshooting.
