CompTIA Security+ (SY0-501) — Question 353

Joe, a member of the sales team, recently logged into the company servers after midnight local time to download the daily lead form before his coworkers did.
Management has asked the security team to provide a method for detecting this type of behavior without impeding the access for sales employee as they travel overseas.
Which of the following would be the BEST method to achieve this objective?

Answer options

• A. Configure time-of-day restrictions for the sales staff.
• B. Install DLP software on the devices used by sales employees.
• C. Implement a filter on the mail gateway that prevents the lead form from being emailed.
• D. Create an automated alert on the SIEM for anomalous sales team activity.

Correct answer: D

Explanation

The correct answer is D because creating an automated alert on the SIEM allows for real-time monitoring and detection of unusual login times without restricting access. Option A would limit access based on time, which could hinder sales staff traveling internationally. Option B does not directly address the issue of detecting login times, and option C does not prevent the behavior being monitored.