A security team wants to identify suspicious actions performed by internal personnel in a large enterprise. Which approach is the BEST to detect abnormal patterns?
Scan workstation memory for suspicious executables
Compare staff file access and login activity to recognized norms
Automate IP address blocking for flagged network transmissions in the environment
Review firewall logs for connections from known malicious addresses
Comparing file access and login activity to recognized norms is effective for spotting changes in behavior. It draws on established patterns to highlight sudden shifts in access or login trends. The other suggestions center on threat detection from network or system perspectives, which can miss unusual personnel activity.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are recognized norms in the context of file access and login activity?
Open an interactive chat with Bash
How do behavioral analytics help in detecting abnormal patterns?
Open an interactive chat with Bash
Why are other methods like scanning workstation memory or blocking IP addresses less effective for detecting insider threats?