An enterprise is deploying an online analytics tool from a remote provider. The security architect wants to identify unexpected system changes and unusual patterns promptly so the team can take action. Which approach best meets this requirement?
Separating workloads into distinct zones without continuous monitoring
Enforcing data-at-rest encryption while disabling comprehensive event monitoring
Deploying a scanning solution that pulls event logs from critical hosts and triggers warnings for suspicious changes
Requiring credential rotation periodically for all users
Collecting and analyzing event logs from important systems, coupled with timely alerts, provides swift information about suspicious behavior. Data encryption alone does not offer visibility into unexpected events. Regular credential rotation is beneficial for account hygiene but does not detect signs of intrusion in real time. Segmenting resources can limit lateral movement but does not notice abnormal alterations without continuous monitoring.