CompTIA CySA+ (CS0-003) — Question 456

A security analyst wants to implement new monitoring controls in order to find abnormal account activity for traveling employees. Which of the following techniques would deliver the expected results?

Answer options

• A. Malicious command interpretation
• B. Network monitoring
• C. User behavior analysis
• D. SSL inspection

Correct answer: C

Explanation

User behavior analysis is effective for identifying abnormal account activity because it establishes a baseline of normal user behavior and can detect deviations from this pattern. The other options, such as network monitoring and SSL inspection, focus on different aspects of security and do not specifically analyze user behavior for anomalies.