Your organization has adopted a new cloud-based resource management system and needs to detect abnormal usage after trust permissions are modified. Which approach is the BEST for achieving comprehensive reviews?
Use an external sensor to monitor inbound traffic and skip system activity logs to reduce overhead
Centralize data from multiple resources and analyze it regularly for patterns and correlations
Keep host logs on local servers and review them periodically in large batches
Focus on logs from less privileged components and exclude sessions with elevated privileges
Collecting logs from various sources and storing them in one location makes it easier to correlate and detect anomalies. Periodic large-batch reviews or excluding key logs narrow visibility into owner-level and critical network activities. Gathering data from minimal components or ignoring internal-system events leaves potential threats hidden.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is centralizing data from multiple resources important for detecting anomalies?
Open an interactive chat with Bash
What are some tools typically used for centralized data analysis?
Open an interactive chat with Bash
How does correlating data from various sources improve detection of abnormal usage?