nerdexam
CompTIA

SY0-301 · Question #774

The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?

The correct answer is D. Routine auditing. Routine auditing involves the regular, scheduled review of logs, events, alerts, and system activity. By establishing consistent audit reviews, administrators will discover incidents much sooner - ideally in near-real-time or at minimum within the audit cycle - rather than remain

Security operations

Question

The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?

Options

  • AUser permissions reviews
  • BIncident response team
  • CChange management
  • DRoutine auditing

How the community answered

(37 responses)
  • A
    3% (1)
  • C
    3% (1)
  • D
    95% (35)

Explanation

Routine auditing involves the regular, scheduled review of logs, events, alerts, and system activity. By establishing consistent audit reviews, administrators will discover incidents much sooner - ideally in near-real-time or at minimum within the audit cycle - rather than remaining unaware for days or weeks. User permissions reviews focus on verifying access rights, not detecting incidents. An incident response team handles incidents after they are known but does not guarantee timely discovery. Change management governs how changes are introduced into the environment but does not surface security incidents. Regular log auditing and security monitoring are the controls that close the detection gap.

Topics

#routine auditing#incident detection#security monitoring#audit logs

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice