A server administrator is tasked with implementing a proactive security measure to detect and alert on unauthorized access to a database containing sensitive customer information in near real-time. The primary concern is identifying anomalous query patterns, such as an administrator account suddenly attempting to export an entire customer table. Which of the following mitigation strategies would be MOST effective in achieving this specific goal?
Scheduling nightly antivirus scans on the database server.
Implementing real-time analysis of database transaction logs.
Configuring host-based firewall rules to restrict database port access.
Enabling full disk encryption on the storage volumes hosting the database.
The correct answer is to implement real-time analysis of database transaction logs. This is a core data monitoring strategy that provides detailed insight into the specific queries and activities occurring within the database. It allows for the detection of anomalous behavior, such as unusually large data exports or access outside of normal business hours, and enables real-time alerting.
Configuring host-based firewall rules is a preventative measure that restricts network access to the database port but does not monitor the activity of authorized connections. Full disk encryption protects data at rest, meaning it is effective if the physical storage is stolen, but it does not protect data from being accessed or exfiltrated from a running system by a user with valid credentials. Scheduling nightly antivirus scans is a mitigation strategy against malware and is not designed to monitor or analyze database query patterns for insider threats or credential abuse.