CompTIA CySA+ CS0-003 Practice Question
An organization's security team detects multiple unauthorized changes in the configuration files of a crucial server. Which of the following tools would BEST help identify who made the changes and when?
Endpoint Detection and Response (EDR)
Domain Name Service (DNS) and Internet Protocol (IP) reputation tools
Packet capture tools
Security Information and Event Management (SIEM)