CISSP · Question #772
Which of the following is the BEST reason to review audit logs periodically?
The correct answer is C. Identify anomalies in use patterns. Audit Log Review: Identifying Anomalies Periodically reviewing audit logs is best performed to identify anomalies in use patterns, because this is the primary security-driven purpose - detecting unusual behavior such as unauthorized access attempts, privilege escalation, or suspi
Question
Which of the following is the BEST reason to review audit logs periodically?
Options
- AVerify they are operating properly
- BMonitor employee productivity
- CIdentify anomalies in use patterns
- DMeet compliance regulations
How the community answered
(20 responses)- A5% (1)
- C85% (17)
- D10% (2)
Explanation
Audit Log Review: Identifying Anomalies
Periodically reviewing audit logs is best performed to identify anomalies in use patterns, because this is the primary security-driven purpose - detecting unusual behavior such as unauthorized access attempts, privilege escalation, or suspicious activity that could indicate a breach or insider threat. While verifying logs are operating properly (A) is a valid technical task, it relates to log management health rather than the core security benefit of reviewing log content. Monitoring employee productivity (B) is an HR function, not a security objective, and using audit logs for this purpose raises ethical and legal concerns. Meeting compliance regulations (D) may be a byproduct of log reviews, but compliance is the business requirement that mandates logging - not the underlying reason why reviewing them provides security value.
Memory Tip: Think of audit logs as a security camera recording - you don't primarily watch the footage to ensure the camera works or satisfy an inspector; you watch it to spot something that looks wrong. "Anomalies = the 'aha' moment" is why you review.
Topics
Community Discussion
No community discussion yet for this question.