An enterprise is deploying an online analytics tool from a remote provider. The security architect wants to identify unexpected system changes and unusual patterns promptly so the team can take action. Which approach best meets this requirement?
Separating workloads into distinct zones without continuous monitoring
Deploying a scanning solution that pulls event logs from critical hosts and triggers warnings for suspicious changes
Requiring credential rotation periodically for all users
Enforcing data-at-rest encryption while disabling comprehensive event monitoring
Collecting and analyzing event logs from important systems, coupled with timely alerts, provides swift information about suspicious behavior. Data encryption alone does not offer visibility into unexpected events. Regular credential rotation is beneficial for account hygiene but does not detect signs of intrusion in real time. Segmenting resources can limit lateral movement but does not notice abnormal alterations without continuous monitoring.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are event logs, and why are they important for security monitoring?
Open an interactive chat with Bash
How does a scanning solution detect suspicious changes in a system?
Open an interactive chat with Bash
Why is continuous monitoring critical in cybersecurity?