The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider.

When the breach was discovered and the logs were reviewed, it was discovered that the attacker had purged the logs on the system that they compromised.

How can this be prevented in the future?

a. Encrypt local logs
b. Require administrative access to change logs
c. Enable log rotation
d. Send logs to a bastion host