An enterprise operates more than 10,000 servers across on-premises data centers and multiple cloud providers. The security team needs to minimize configuration drift and speed up audit reporting while using the least manual effort. According to best practices for automated compliance tracking in modern GRC and configuration-management tools, which technique BEST meets these requirements?
Rely on end users to self-report any configuration changes that might affect compliance posture.
Schedule quarterly manual inspections where administrators log in to a sample of servers and record their findings in spreadsheets.
Disable verbose audit logging on servers to improve performance and reduce the size of compliance reports.
Deploy a compliance automation engine that continuously compares every server's configuration to an approved baseline and produces real-time deviation reports.
Automated compliance engines that continuously compare each system against a centrally defined baseline immediately detect drift, eliminate many manual checks, and can generate audit-ready reports on demand. Manual spot checks, user self-reporting, or reducing logging either leave large gaps in coverage or actively undermine audit evidence, so they do not satisfy the stated goals.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are 'advanced tasks' in the context of large-scale system oversight?
Open an interactive chat with Bash
What is a 'baseline' in system compliance tracking?
Open an interactive chat with Bash
Why do some believe advanced tasks increase complexity, and how is this addressed?