A server administrator is tasked with implementing a proactive security measure to detect and alert on unauthorized access to a database containing sensitive customer information in near real-time. The primary concern is identifying anomalous query patterns, such as an administrator account suddenly attempting to export an entire customer table. Which of the following mitigation strategies would be MOST effective in achieving this specific goal?
Implementing real-time analysis of database transaction logs.
Enabling full disk encryption on the storage volumes hosting the database.
Configuring host-based firewall rules to restrict database port access.
Scheduling nightly antivirus scans on the database server.
The correct answer is to implement real-time analysis of database transaction logs. This is a core data-monitoring strategy: the log records which principal ran which statement against which table, and how much data it touched, so a streaming analysis can flag anomalous behaviour such as an unusually large export, a full-table read of a sensitive table, or access outside normal business hours, and alert on it as it happens rather than after the fact. One practical caveat: a transaction (redo or write-ahead) log records modifications only, so to catch a bulk SELECT or COPY of the customer table the analysis must also be fed the database's query or audit log, and it needs a baseline of what each account normally does so that a deviation such as an administrator suddenly reading every row stands out.
Configuring host-based firewall rules is a preventative measure that restricts network access to the database port but does not monitor the activity of authorized connections. Full disk encryption protects data at rest, meaning it is effective if the physical storage is stolen, but it does not protect data from being accessed or exfiltrated from a running system by a user with valid credentials. Scheduling nightly antivirus scans is a mitigation strategy against malware and is not designed to monitor or analyze database query patterns for insider threats or credential abuse.
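The detection described above, as an added example that is not part of the original question page: a small Python analyzer run over constructed audit-style log lines (timestamp, database user, rows touched, statement). It flags a whole-table SELECT or COPY of a sensitive table and any access to that table outside business hours. The log layout, the table name `customers`, the 08:00 to 18:00 window and the 10,000-row threshold are all assumptions chosen for the illustration.

```python
import re
from datetime import datetime, time

# Constructed sample log lines (not from any real system), in a simplified
# audit-log layout: timestamp | db user | rows touched | statement.
SAMPLE_LOG = """\
2024-05-06 10:15:02 | app_user | 1 | SELECT name, email FROM customers WHERE id = 4821
2024-05-06 10:15:09 | app_user | 1 | UPDATE customers SET email = 'new@example.com' WHERE id = 4821
2024-05-06 11:02:44 | dba_admin | 250000 | SELECT * FROM customers
2024-05-06 03:17:30 | dba_admin | 1 | SELECT COUNT(*) FROM orders
2024-05-06 23:41:05 | svc_report | 250000 | COPY customers TO '/tmp/c.csv' CSV HEADER
2024-05-06 14:05:11 | app_user | 500 | SELECT id FROM orders WHERE status = 'open'
"""

SENSITIVE_TABLES = {"customers"}                        # assumption: tables holding customer PII
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)  # assumption: local office hours
BULK_ROW_THRESHOLD = 10_000                             # assumption: rows per statement that count as bulk

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<user>\S+) \| (?P<rows>\d+) \| (?P<sql>.+)$"
)
# Table names that follow FROM / JOIN / INTO / UPDATE / COPY in the statement.
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE|COPY)\s+([A-Za-z_][A-Za-z0-9_.]*)", re.IGNORECASE)


def parse_line(line):
    """Turn one log line into an event dict, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "user": m["user"],
        "rows": int(m["rows"]),
        "sql": m["sql"],
    }


def tables_in(sql):
    """Lower-cased set of table names referenced by the statement."""
    return {t.lower() for t in TABLE_RE.findall(sql)}


def is_bulk_export(ev):
    """A SELECT or COPY of a sensitive table that is either unfiltered (no WHERE)
    or touched at least BULK_ROW_THRESHOLD rows."""
    sql = ev["sql"].strip()
    verb = sql.split(None, 1)[0].upper()
    if verb not in ("SELECT", "COPY"):
        return False
    if not (tables_in(sql) & SENSITIVE_TABLES):
        return False
    unfiltered = re.search(r"\bWHERE\b", sql, re.IGNORECASE) is None
    return unfiltered or ev["rows"] >= BULK_ROW_THRESHOLD


def is_off_hours(ev):
    """True when the statement ran outside the configured business-hours window."""
    t = ev["ts"].time()
    return not (BUSINESS_START <= t < BUSINESS_END)


def analyze(log_text):
    """Return a list of (timestamp, user, reasons) alerts for the given log text."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        reasons = []
        if is_bulk_export(ev):
            reasons.append("bulk export of sensitive table")
        if is_off_hours(ev) and (tables_in(ev["sql"]) & SENSITIVE_TABLES):
            reasons.append("sensitive table accessed outside business hours")
        if reasons:
            alerts.append((ev["ts"].isoformat(sep=" "), ev["user"], "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for ts, user, why in analyze(SAMPLE_LOG):
        print(f"ALERT {ts} user={user}: {why}")
```

In a deployment the same `analyze` logic would sit behind a log shipper tailing the database's audit log and push each alert to the SIEM or pager; the point of the example is that the routine per-row lookups from `app_user` pass silently while the administrator's full-table read and the late-night COPY are raised within the same event loop that reads the log.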