A data analytics platform is using more resources than usual and connecting to external endpoints that were not previously observed. Production logs show no scheduled tasks or updates. Which method best evaluates whether this behavior is legitimate or suspicious?
Assess how the current workload aligns with previously observed metrics and investigate logs for unauthorized actions
Stop all outbound data transfers from the platform to eliminate questionable network activity
Install updates on the environment so new usage patterns are blocked by the latest security fixes
Provide extra permissions to the service account for deeper system access and more detailed logging
Comparing current data flows with a known usage baseline and reviewing logs for unexpected changes helps determine if the higher resource use and network connections are part of a planned expansion or a hidden threat. Installing patches is helpful for known weaknesses, but it does not confirm if unauthorized tasks are occurring in the application. Increasing privileges could mask harmful actions by letting them blend with legitimate processes. Restricting outbound communications could disrupt normal operations before verifying whether the surge is intentional.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a usage baseline and why is it important in cybersecurity?
Open an interactive chat with Bash
How do production logs help in identifying unauthorized actions?
Open an interactive chat with Bash
Why might increasing privileges or blocking outbound data cause additional risks?