What data is typically captured in audit logs for document activity under UAP Document 301?

• A. Logs should capture user ID, timestamp, action, document ID, and affected data; retained per policy.
• B. Only the file size and last access time.
• C. Only the document name and owner.
• D. Passwords used to access the document.

Answer: (A)

Capturing a complete, traceable record of who did what and when is fundamental to auditing document activity. The data in logs should identify the user, the exact time of the event, what action was performed, which document was involved, and what data was affected. This combination provides a precise, auditable trail that makes it possible to reconstruct events, verify compliance, detect unauthorized activity, and maintain data integrity. It also aligns with policy-driven retention, ensuring logs are kept long enough to meet governance requirements.

The other options miss essential elements: noting only file size and last access time doesn’t reveal who acted or what changed; listing only document name and owner omits the specific action and the user responsible; and storing passwords in logs creates security risks and is not how credentials are handled.