CompTIA Security+ (SY0-601) — Question 635
Which of the following is the first step to take when creating an anomaly detection process?
Answer options
- A. Selecting events
- B. Building a baseline
- C. Selecting logging options
- D. Creating an event log
Correct answer: B
Explanation
The correct answer is B: building a baseline is essential for understanding normal behavior, and anomalies are identified as deviations from it. The other options, while relevant to the overall process, do not establish the reference point needed to detect deviations effectively.