Which component is primarily used for auditing and monitoring in security controls, as suggested by the material?

Enhance your preparation for the Federal IT Security Professional Test. Use quizzes, flashcards, and detailed explanations to ensure success. Stay ahead in the field of IT Security!

Multiple Choice


Explanation:
Auditing and monitoring rely on a complete, time-stamped record of events across systems. Logs capture who did what, when, and where (authentication attempts, file and configuration changes, access to sensitive resources, and security events), providing the evidence needed for accountability, compliance, and post-incident analysis. Patches fix vulnerabilities and are not a source of ongoing event data for auditing. IDS and IDPS monitor activity and generate alerts, but they are primarily detection mechanisms; they don't deliver the persistent, reviewable audit trail that logs provide. Logs are therefore the primary component used for auditing and monitoring in security controls.

