An enterprise operates more than 10,000 servers across on-premises data centers and multiple cloud providers. The security team needs to minimize configuration drift and speed up audit reporting while using the least manual effort. According to best practices for automated compliance tracking in modern GRC and configuration-management tools, which technique BEST meets these requirements?
Deploy a compliance automation engine that continuously compares every server's configuration to an approved baseline and produces real-time deviation reports.
Rely on end users to self-report any configuration changes that might affect compliance posture.
Disable verbose audit logging on servers to improve performance and reduce the size of compliance reports.
Schedule quarterly manual inspections where administrators log in to a sample of servers and record their findings in spreadsheets.
Automated compliance engines that continuously compare each system against a centrally defined baseline immediately detect drift, eliminate many manual checks, and can generate audit-ready reports on demand. Manual spot checks, user self-reporting, or reducing logging either leave large gaps in coverage or actively undermine audit evidence, so they do not satisfy the stated goals.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is configuration drift?
Open an interactive chat with Bash
How does a compliance automation engine work?
Open an interactive chat with Bash
What is a GRC tool, and how does it integrate with automated compliance?