A security team wants to identify suspicious actions performed by internal personnel in a large enterprise. Which approach is the BEST to detect abnormal patterns?
Scan workstation memory for suspicious executables
Review firewall logs for connections from known malicious addresses
Automate IP address blocking for flagged network transmissions in the environment
Compare staff file access and login activity to recognized norms
Comparing staff file access and login activity to recognized norms is the best choice because an insider uses valid credentials and authorized access: nothing about the traffic or the binaries is malicious, only the pattern of use changes. A per-user baseline (usual login hours and hosts, shares normally touched, typical daily volume of file reads) lets you flag sudden shifts such as off-hours logins, first-time access to a sensitive share, or a spike in downloads. The other options are external-threat controls: memory scanning finds malware, firewall log review and automated IP blocking act on known-bad addresses, and none of them would notice an authorized employee quietly doing something unusual with their own account.
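The following is an added illustration, not part of the original question bank, of what "comparing activity to recognized norms" looks like in practice: it builds a per-user baseline from five days of constructed login and file-read events, then checks a sixth day against it. The event format, user names, share names, the one-hour login slack and the volume threshold are all assumptions made for the example.

```python
"""Compare one day of login and file-access activity to each user's own baseline.

Added example (not from the original page). Event tuples, users, shares and
the thresholds used below are assumptions; the events are constructed, not real logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def make_day(user, day, login_hour, share, n_files):
    """Constructed sample data: one login followed by n_files reads on `share`."""
    start = datetime(2024, 3, day, login_hour, 5)
    events = [(start, user, "login", "vpn-gw")]
    for i in range(n_files):
        events.append((start + timedelta(minutes=i + 1), user, "file_read",
                       f"fs01/{share}/doc{i}.xlsx"))
    return events


# Five normal workdays for two staff members (constructed history).
BASELINE = []
for day, a_files, b_files in zip(range(1, 6), [18, 22, 20, 19, 21], [40, 35, 45, 38, 42]):
    BASELINE += make_day("alice", day, 8, "finance", a_files)
    BASELINE += make_day("bob", day, 9, "engineering", b_files)

# Day under review: alice logs in at 02:05 and pulls 180 HR files; bob is unchanged.
CURRENT = make_day("alice", 8, 2, "hr", 180) + make_day("bob", 8, 9, "engineering", 38)


def build_baseline(events):
    """Per user: hours logins normally occur, shares normally touched, reads per day."""
    profile = defaultdict(lambda: {"login_hours": set(), "shares": set(),
                                   "daily_reads": defaultdict(int)})
    for ts, user, action, target in events:
        p = profile[user]
        if action == "login":
            p["login_hours"].add(ts.hour)
        elif action == "file_read":
            p["shares"].add(target.split("/")[1])
            p["daily_reads"][ts.date()] += 1
    return profile


def find_anomalies(profile, events, hour_slack=1):
    """Flag activity on the reviewed day that falls outside the user's own norms.

    Returns (user, kind, detail) tuples; an empty list means nothing deviated.
    """
    findings, reads_today, seen_new = [], defaultdict(int), set()
    for ts, user, action, target in events:
        p = profile.get(user)          # .get() does not create a profile for strangers
        if p is None:                  # no history at all: everything they do is new
            findings.append((user, "unknown_user", f"{action} {target}"))
            continue
        if action == "login":
            hours = p["login_hours"]
            if not any(abs(ts.hour - h) <= hour_slack for h in hours):
                findings.append((user, "off_hours_login",
                                 f"login at {ts:%H:%M}, usual hours {sorted(hours)}"))
        elif action == "file_read":
            share = target.split("/")[1]
            if share not in p["shares"] and (user, share) not in seen_new:
                seen_new.add((user, share))
                findings.append((user, "new_share", f"first access to share '{share}'"))
            reads_today[user] += 1
    # Volume check: more than 3 standard deviations above the user's mean, or 50%
    # above the mean when their history is too flat for the deviation to mean much.
    for user, count in reads_today.items():
        counts = list(profile[user]["daily_reads"].values())
        limit = mean(counts) + max(3 * pstdev(counts), 0.5 * mean(counts))
        if count > limit:
            findings.append((user, "file_volume", f"{count} reads today, limit {limit:.0f}"))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE), CURRENT):
        print(finding)
```

Run as-is it reports three findings for alice (off-hours login, first access to the hr share, 180 reads against a limit of 30) and nothing for bob, whose 38 reads sit inside his normal range. Note that none of alice's events would trip a memory scanner, a known-bad-IP list or an IP block: the VPN gateway, the file server and the credentials are all legitimate, which is exactly why the baseline comparison is the right control for this question.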