🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional123 / 129
Question 123 of 129

A security operations team wants to detect a scenario where a long-tenured database administrator, using legitimate credentials, begins accessing customer records at 3 a.m. and downloading volumes far larger than their historical norm. Signature-based tools and standard SIEM correlation rules have not flagged the activity because no policy violation or known malicious signature is triggered. Which capability would MOST effectively identify this behavior?

Reviewed for accuracy · Report an issueNext question