A technical team notices repeated attempts to bypass user validation. Which measure helps track suspicious actions back to specific individuals by providing precise records of each activity performed?
Generate a periodic summary of events at the end of each month with aggregated usage statistics
Focus event storage on login failures to reduce disk usage
Eliminate records older than a day to maintain a minimal data footprint
Include unique user references in each record, alongside time details for every activity
Capturing a unique user reference and the time of each event in the records provides a detailed timeline that pinpoints who performed what action. This method offers investigators enough data to detect repeated unauthorized attempts and trace activity back to the responsible user. Limiting records, deleting them too soon, or creating only high-level summaries hinders effective correlation during investigations.