Before enabling audit logging, what is an important consideration for administrators?

Study for the EC-Council Certified Ethical Hacker Exam v13. Use flashcards and multiple choice questions with hints and explanations. Prepare for your certification exam today!

Multiple Choice

Before enabling audit logging, what is an important consideration for administrators?

Explanation:
Planning for audit logging revolves around the overhead it introduces. Enabling audit logs can consume extra CPU, memory, disk I/O, and network bandwidth as events are generated, written, and sometimes sent to a central system. Before turning on auditing, administrators should estimate the volume of events, determine retention and archival needs, and test the impact to ensure critical services aren’t slowed down. Mitigations like asynchronous or buffered logging, filtering to avoid excessive events, and proper log rotation and compression help manage resource usage, while centralized storage or tiered logging prevents local bottlenecks. This balance between security visibility and system performance is why this consideration is the best answer. Other options don’t address the practical operational impact of logging on system resources, policy needs, or user experience.

