Your organization has adopted a new cloud-based resource management system and needs to detect abnormal usage after trust permissions are modified. Which approach is the BEST for achieving comprehensive reviews?
Focus on logs from less privileged components and exclude sessions with elevated privileges
Use an external sensor to monitor inbound traffic and skip system activity logs to reduce overhead
Keep host logs on local servers and review them periodically in large batches
Centralize data from multiple resources and analyze it regularly for patterns and correlations
Collecting logs from various sources and storing them in one location makes it easier to correlate and detect anomalies. Periodic large-batch reviews or excluding key logs narrow visibility into owner-level and critical network activities. Gathering data from minimal components or ignoring internal-system events leaves potential threats hidden.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is centralizing data from multiple resources important for anomaly detection?
Open an interactive chat with Bash
What are the risks of excluding elevated-privilege session logs in security reviews?
Open an interactive chat with Bash
How does ignoring internal-system activity logs affect threat detection?