CompTIA
SY0-301 · Question #350
SY0-301 Question #350: Real Exam Question with Answer & Explanation
The correct answer is A: Routine log audits. Routine log audits regularly review system and security logs, which would have detected the unauthorized account creation event far sooner than two weeks after it occurred.
Question
Ann, the security administrator, received a report from the security technician that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?
Options
- A. Routine log audits
- B. Job rotation
- C. Risk likelihood assessment
- D. Separation of duties
Explanation
Routine log audits regularly review system and security logs, which would have detected the unauthorized account creation event far sooner than two weeks after it occurred.
Common mistakes.
- B. Job rotation is an administrative control that reduces fraud risk over time by cycling employees through roles, but it would not have detected a specific unauthorized account creation event.
- C. Risk likelihood assessment is a planning activity that evaluates the probability of threat events occurring and would not detect or alert on an actual unauthorized account addition.
- D. Separation of duties divides critical tasks among multiple individuals to prevent fraud but does not provide a mechanism for detecting unauthorized account creation after the fact.
Concept tested. Routine log auditing as a detective security control
Reference. https://csrc.nist.gov/publications/detail/sp/800-92/final