A technical team notices repeated attempts to bypass user validation. Which measure helps track suspicious actions back to specific individuals by providing precise records of each activity performed?
Focus event storage on login failures to reduce disk usage
Generate a periodic summary of events at the end of each month with aggregated usage statistics
Eliminate records older than a day to maintain a minimal data footprint
Include unique user references in each record, alongside time details for every activity
Capturing a unique user reference and the time of each event in the records provides a detailed timeline that pinpoints who performed what action. This method offers investigators enough data to detect repeated unauthorized attempts and trace activity back to the responsible user. Limiting records, deleting them too soon, or creating only high-level summaries hinders effective correlation during investigations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of capturing unique user references in activity logs?
Open an interactive chat with Bash
Why is it important to record time details for each activity in logs?
Open an interactive chat with Bash
What are the risks of relying on aggregated summaries instead of detailed logs?