As an IT administrator, you notice that unauthorized changes have been made to several important company files. To identify the party responsible for these changes, which practice would be the most effective?
Maintaining and reviewing logs
Implementing stricter firewall rules
Performing regular system audits
Restoring the files from the most recent backup
Enforcing frequent password changes for all user accounts
Maintaining and reviewing logs is the correct answer because logs track user activity, changes made to files, and system events. This information can be used to pinpoint when the unauthorized changes were made and by which user account, facilitating a proper investigation of the incident. Logging is an essential part of IT security because it ensures accountability. Regular audits would involve reviewing such logs, but they are not as direct in addressing the specific incident. Password changes, while important for security, would not directly reveal who made the file changes. Firewalls and backup restorations do not provide information about specific user activities.