A data analytics platform is using more resources than usual and connecting to external endpoints that were not previously observed. Production logs show no scheduled tasks or updates. Which method best evaluates whether this behavior is legitimate or suspicious?
Provide extra permissions to the service account for deeper system access and more detailed logging
Stop all outbound data transfers from the platform to eliminate questionable network activity
Install updates on the environment so new usage patterns are blocked by the latest security fixes
Assess how the current workload aligns with previously observed metrics and investigate logs for unauthorized actions
Comparing current data flows with a known usage baseline and reviewing logs for unexpected changes helps determine if the higher resource use and network connections are part of a planned expansion or a hidden threat. Installing patches is helpful for known weaknesses, but it does not confirm if unauthorized tasks are occurring in the application. Increasing privileges could mask harmful actions by letting them blend with legitimate processes. Restricting outbound communications could disrupt normal operations before verifying whether the surge is intentional.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a usage baseline in security monitoring?
Open an interactive chat with Bash
Why are comparing logs and baselines preferred over blocking all outbound data transfers?
Open an interactive chat with Bash
What risks are associated with giving extra permissions to service accounts for deeper analysis?