
GSEC Question #269: Real Exam Question with Answer & Explanation

The correct answer is D. Loss of service on critical assets. Real-time log evaluation is reserved for events requiring immediate response, such as loss of service on critical assets, where delayed detection causes direct operational harm.

Question

Which of the following logging tasks should be evaluated in real-time?

Options

  • A. Inside and perimeter log trends review
  • B. Routine account creation/removal
  • C. Log management system performance
  • D. Loss of service on critical assets

Explanation

Real-time log evaluation is reserved for events requiring immediate response, such as loss of service on critical assets, where delayed detection causes direct operational harm.

Common mistakes.

  • A. Perimeter and inside log trend reviews are analytical tasks performed periodically, not in real-time, because trends require historical data accumulation before patterns become meaningful.
  • B. Routine account creation and removal is a scheduled administrative activity that poses no immediate operational threat and is appropriate for periodic batch review.
  • C. Log management system performance is typically monitored on a scheduled basis using capacity and health dashboards rather than requiring continuous real-time alerting.

Concept tested. Real-time vs. periodic log monitoring prioritization

Reference. https://csrc.nist.gov/publications/detail/sp/800-92/final
