A security team is investigating repeated unauthorized internal logins and needs to detect suspicious changes in staff actions. Which method best identifies subtle anomalies in ongoing staff-related activity by referencing established baselines?
Record failed application authentications in a ticketing system for manual forensic review
Remove credentials for user accounts displaying any atypical actions
Analyze each individual’s routine access patterns and flag events that differ from typical behavior
Forward new signs of unauthorized connections to a malware database for automated scanning
User Behavior Analytics (UBA) detects anomalies by comparing current user behavior against established baselines. This method is especially effective in identifying subtle insider threats or account compromise, as it distinguishes between typical user patterns and suspicious deviations. External scanning or reactive measures do not offer the same behavioral insights.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is User Behavior Analytics (UBA)?
Open an interactive chat with Bash
Why are baselines important in User Behavior Analytics (UBA)?
Open an interactive chat with Bash
How does UBA differ from traditional malware detection?