As an IT administrator, you notice that unauthorized changes have been made to several important company files. To identify the party responsible for these changes, which practice would be the most effective?
Maintaining and reviewing logs
Enforcing frequent password changes for all user accounts
Maintaining and reviewing logs is the correct answer because logs track user activity, changes made to files, and system events. This information can be used to pinpoint when the unauthorized changes were made and by which user account, which supports a proper investigation of the incident. Ensuring this kind of accountability is an essential part of IT security. Regular audits would involve reviewing such logs, but they are not as direct in addressing the specific incident. Password changes, while important for security, would not directly reveal who made the file changes. Firewalls and backup restorations do not provide information about specific user activities.