A large technology firm deploys a new identity system that captures repeated failed authentications, user account updates, and suspicious remote connections. For investigations and compliance, an analyst wants to retain these details for one year. Which solution best meets this objective to consolidate and safeguard the collected data?
Implement a single aggregator that receives event data from each relevant source and enforces extended retention policies
Use ephemeral containers for real-time checks and remove captured material after 24 hours
Generate summaries of user activity at intervals and discard full details after reviews
Rely on decentralized watchers that store data locally on each system without archiving
A centralized aggregator that collects logs from various systems and enforces a unified retention policy provides the most reliable solution for investigation and compliance. This setup ensures comprehensive data visibility, simplifies correlation across systems, and enables long-term storage. By contrast, decentralized or short-lived logging mechanisms increase the risk of data loss, reduce traceability, and complicate forensic investigations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a centralized aggregator, and why is it important in log management?
Open an interactive chat with Bash
What are retention policies, and how do they contribute to compliance?
Open an interactive chat with Bash
What challenges arise with decentralized logging systems in forensic investigations?