A server at an organization has resource usage that is two times higher than usual, even though past data shows a consistent trend. Which measure is most effective for hunting suspicious activity in this situation?
Reboot the system once a day to eliminate elevated resource utilization and reinstate typical operations
Enable new multifactor requirements for everyone using the application on that server
Run a rapid ad-hoc vulnerability scan after restricting all outbound server traffic
Review event logs alongside normal performance data to locate unexpected processes linked with the spike
Comparing historical trends with current usage and examining related logs helps detect unusual account or system activity. Examining logs in tandem with normal patterns offers insight into whether the spike arises from malicious processes or a legitimate demand. Other options focus on unrelated controls or assume that specific short-term measures alone provide full coverage for hidden issues.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are event logs important for detecting suspicious activity?
Open an interactive chat with Bash
How can I establish normal performance trends for comparison?
Open an interactive chat with Bash
What are some examples of 'unexpected processes' to look for in logs?