SY0-301 · Question #774
The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?
The correct answer is D. Routine auditing. Routine auditing involves the regular, scheduled review of logs, events, alerts, and system activity. By establishing consistent audit reviews, administrators will discover incidents much sooner - ideally in near-real-time or at minimum within the audit cycle - rather than remain
Question
The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?
Options
- AUser permissions reviews
- BIncident response team
- CChange management
- DRoutine auditing
How the community answered
(37 responses)- A3% (1)
- C3% (1)
- D95% (35)
Explanation
Routine auditing involves the regular, scheduled review of logs, events, alerts, and system activity. By establishing consistent audit reviews, administrators will discover incidents much sooner - ideally in near-real-time or at minimum within the audit cycle - rather than remaining unaware for days or weeks. User permissions reviews focus on verifying access rights, not detecting incidents. An incident response team handles incidents after they are known but does not guarantee timely discovery. Change management governs how changes are introduced into the environment but does not surface security incidents. Regular log auditing and security monitoring are the controls that close the detection gap.
Topics
Community Discussion
No community discussion yet for this question.