
SY0-701 Question #529: Real Exam Question with Answer & Explanation

The correct answer is D: User activity logs.

Submitted by chiamaka_o · Mar 6, 2026 · Security operations

Question

A university employee logged on to the academic server and attempted to guess the system administrators' log-in credentials. Which of the following security measures should the university have implemented to detect the employee's attempts to gain access to the administrators' accounts?

Options

  • A. Two-factor authentication
  • B. Firewall
  • C. Intrusion prevention system
  • D. User activity logs

Explanation

User activity logs are the correct choice because they record what users do on a system - including failed login attempts - giving administrators a paper trail to detect when someone is trying to guess credentials they shouldn't have. Logs are a detective control: they don't stop the attack, but they reveal it happened.

Why the distractors are wrong:

  • A. Two-factor authentication would make guessing harder to succeed, but it's a preventive control, not a detection mechanism - it wouldn't alert anyone that attempts were made.
  • B. Firewall controls network traffic between systems/networks; it doesn't monitor what an already-logged-in internal user does on a server.
  • C. Intrusion prevention system (IPS) is designed to detect and block network-based attacks from outside the perimeter - it typically won't flag an authenticated internal employee trying to access other accounts.

Memory tip: Match the control type to the scenario. The question asks what would detect the attempts - think "D for Detective = D for Data/logs." Logs are always the go-to answer when the threat is an insider and the goal is visibility, not prevention.
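The detection described in the explanation, as an added example that is not part of the original page: a small Python check that scans user activity records for one account repeatedly failing to authenticate as administrator accounts. The record format, the account names, the threshold and the time window are all assumptions made for illustration, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical "time actor event target" format,
# assumed to be in chronological order.
SAMPLE_LOG = """\
2026-03-06T09:00:02 jdoe login_success jdoe
2026-03-06T09:01:10 jdoe auth_failure sysadmin1
2026-03-06T09:01:25 jdoe auth_failure sysadmin1
2026-03-06T09:01:41 jdoe auth_failure sysadmin2
2026-03-06T09:02:03 jdoe auth_failure sysadmin1
2026-03-06T09:02:30 jdoe auth_failure sysadmin2
2026-03-06T09:05:00 asmith auth_failure asmith
2026-03-06T10:15:00 sysadmin1 auth_failure sysadmin1
2026-03-06T11:00:00 mlee auth_failure sysadmin2
"""

ADMIN_ACCOUNTS = {"sysadmin1", "sysadmin2"}  # assumed privileged account names


def detect_admin_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per actor whose failed attempts against admin
    accounts other than their own reach `threshold` within `window`."""
    recent = defaultdict(deque)   # actor -> deque of (time, target)
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed records instead of crashing
        ts, actor, event, target = parts
        if event != "auth_failure" or target not in ADMIN_ACCOUNTS or actor == target:
            continue              # ignore successes and an admin's own typos
        when = datetime.fromisoformat(ts)
        q = recent[actor]
        q.append((when, target))
        while when - q[0][0] > window:
            q.popleft()           # drop attempts that fell out of the window
        if len(q) >= threshold and actor not in alerts:
            alerts[actor] = {
                "actor": actor,
                "failures": len(q),
                "targets": sorted({t for _, t in q}),
                "first": q[0][0].isoformat(),
                "last": when.isoformat(),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_admin_guessing(SAMPLE_LOG):
        print(alert)
```

Only `jdoe` is reported on the sample data: the single failure by `mlee` and the administrator mistyping their own password stay below the threshold or are excluded.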

Topics

#Security logging #Monitoring #Insider threats #Access control
