While reviewing access logs, a security team discovers an account with privileges transferring restricted files to a cloud repository. The team suspects an internal data leak. Which action is most effective at confirming unauthorized file movements by the account in question?
Remove administrative privileges for every user in the department
Review recent access logs for that account and compare them to historical usage trends
Install a new operating system on the workstation used by the account
Block all outgoing connections from the office network
Comparing the account’s current activity against its historical usage patterns can reveal suspicious differences that suggest misconduct. Blocking or removing privileges may disrupt legitimate operations and does not confirm the nature of past data transfers. External traffic measures also do not verify whether the account was involved in copying sensitive information.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What types of patterns should be analyzed when comparing access logs to historical usage?
Open an interactive chat with Bash
What tools can be used to track and analyze historical access patterns?
Open an interactive chat with Bash
Why is analyzing historical usage better than immediately blocking or removing privileges in suspected cases?