What action should a tester recommend to address logging of sensitive data in a cloud system?

Protecting sensitive data in logs by filtering what gets recorded and securing where logs are stored. The best approach is to adjust logging configurations to exclude sensitive data and ensure logs are stored securely. Redacting or not logging sensitive fields (like credentials, tokens, PII, and other confidential information) minimizes what could be exposed if logs are accessed by unauthorized parties. At the same time, protect logs in transit and at rest with encryption, enforce strict access controls, and use centralized, tamper-evident storage managed by proper key management. This combination gives visibility for troubleshooting while reducing risk from log exposure. In contrast, increasing log verbosity can reveal more sensitive data, storing logs on an unsecured shared drive creates easy access points for attackers, and encrypting while keeping all data in logs still leaves sensitive information readable in the logs themselves.