CompTIA CySA+ CS0-003 Practice Question
An organization's security team detects multiple unauthorized changes in the configuration files of a crucial server. Which of the following tools would BEST help identify who made the changes and when?
Domain Name Service (DNS) and Internet Protocol (IP) reputation tools
Security Information and Event Management (SIEM)
Packet capture tools
Endpoint Detection and Response (EDR)