Question 21
Domain 4: Security Operations, Monitoring, and Incident Response
A security team needs to detect anomalous behavior in cloud workloads that may indicate compromise. Which monitoring approach is MOST effective for this use case?
Correct answer: B
Explanation
Behavioral analytics and UEBA are designed to identify deviations from normal activity, which is ideal for spotting compromise in cloud workloads. They analyze “user and entity behavior” to flag anomalies that signature-based monitoring may miss, making them effective for detecting suspicious patterns and potential threats.
Why each option is right or wrong
A. Manual review of logs weekly
Weekly manual review is too slow and too coarse for this goal. An attacker who compromises a workload can act on it for days before anyone reads the logs, and a person skimming the raw log volume that cloud workloads produce is unlikely to notice a subtle deviation from normal behavior.
B. Behavioral analytics and User and Entity Behavior Analytics (UEBA)
Behavioral analytics and UEBA are the right fit here because the question is about detecting deviations from a workload’s normal baseline, not matching known indicators. In practice, UEBA platforms score activity against learned patterns across users, hosts, and cloud entities, then alert on statistically unusual events such as atypical login times, impossible travel, unusual API calls, or abnormal data access that would not be caught by static signature rules.
C. Monitoring only login events
Login events are a narrow slice of what a compromised workload does. API calls, role assumptions, data access, and configuration changes are not logins, and an attacker reusing stolen credentials or an existing session may never generate a new login to observe.
D. Relying on cloud provider status pages
Status pages report the availability of the provider's own services, not the security of a customer's workloads. They say nothing about activity inside your accounts and cannot reveal that a workload has been compromised.
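To make the behavioral-baseline idea from option B concrete, here is an added example (not part of the original question or any vendor's product) of a toy UEBA-style scorer. It learns what is normal for each principal from a window of past cloud audit events (API actions, active hours, source regions), then scores new events by how far they deviate, including an impossible-travel check. The events, the role name, the region labels, the weights and the threshold are all constructed for illustration; a small static rule set is included only to contrast signature matching with behavioral scoring.

```python
"""Toy UEBA-style anomaly scoring over constructed cloud audit events.
Learns a per-principal baseline, then scores live events by deviation.
Every event, name, weight and threshold here is constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    principal: str   # IAM user or role that made the call
    action: str      # API action, e.g. "s3:GetObject"
    region: str      # geolocation of the source IP (assumed already enriched upstream)
    ts: datetime     # event time, UTC


@dataclass
class Baseline:
    actions: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    regions: set = field(default_factory=set)


# Relative weights for each kind of deviation; hand-tuned for this toy.
WEIGHTS = {"new_action": 1, "odd_hour": 1, "new_region": 2, "travel": 3}
ALERT_THRESHOLD = 3
MAX_TRAVEL_WINDOW = timedelta(hours=1)  # same principal, two regions, under this gap

# Signature-style rule for contrast: fires only on actions someone already
# decided are suspicious, regardless of who performs them or when.
KNOWN_BAD_ACTIONS = {"iam:CreateAccessKey"}


def learn_baseline(history):
    """Build what 'normal' looks like for each principal from past events."""
    baselines = defaultdict(Baseline)
    for ev in history:
        b = baselines[ev.principal]
        b.actions.add(ev.action)
        b.hours.add(ev.ts.hour)
        b.regions.add(ev.region)
    return dict(baselines)


def score_event(ev, baselines, recent):
    """Return (score, reasons) for one event. 'recent' holds each principal's
    previous event so consecutive calls can detect impossible travel."""
    reasons, score = [], 0
    b = baselines.get(ev.principal)
    if b is None:
        score += WEIGHTS["new_action"] + WEIGHTS["new_region"]
        reasons.append("principal not seen during baseline window")
    else:
        if ev.action not in b.actions:
            score += WEIGHTS["new_action"]
            reasons.append(f"new API action {ev.action}")
        if ev.ts.hour not in b.hours:
            score += WEIGHTS["odd_hour"]
            reasons.append(f"activity at unusual hour {ev.ts.hour:02d}:00 UTC")
        if ev.region not in b.regions:
            score += WEIGHTS["new_region"]
            reasons.append(f"new source region {ev.region}")
    prev = recent.get(ev.principal)
    if prev and prev.region != ev.region and ev.ts - prev.ts < MAX_TRAVEL_WINDOW:
        score += WEIGHTS["travel"]
        gap = int((ev.ts - prev.ts).total_seconds() // 60)
        reasons.append(f"impossible travel {prev.region} -> {ev.region} in {gap} min")
    recent[ev.principal] = ev
    return score, reasons


def detect(history, live):
    """Score live events against the learned baseline and return alerts."""
    baselines, recent, alerts = learn_baseline(history), {}, []
    for ev in live:
        score, reasons = score_event(ev, baselines, recent)
        if score >= ALERT_THRESHOLD:
            alerts.append({"ts": ev.ts.isoformat(), "principal": ev.principal,
                           "score": score, "reasons": reasons,
                           "signature_hit": ev.action in KNOWN_BAD_ACTIONS})
    return alerts


# Constructed history: one deployment role calling two APIs from US-East
# during 09:00-17:00 UTC for five days.
HISTORY = [
    Event("deploy-role", action, "US-East", datetime(2024, 3, 4, h) + timedelta(days=d))
    for d in range(5) for h in range(9, 18)
    for action in ("s3:GetObject", "ecs:UpdateService")
]

# Constructed live traffic: one normal call, then two events that together look
# like a stolen credential used from abroad while the real workload keeps running.
LIVE = [
    Event("deploy-role", "s3:GetObject", "US-East", datetime(2024, 3, 9, 11, 0)),
    Event("deploy-role", "iam:CreateAccessKey", "EU-West", datetime(2024, 3, 10, 3, 0)),
    Event("deploy-role", "s3:GetObject", "US-East", datetime(2024, 3, 10, 3, 20)),
]

if __name__ == "__main__":
    for a in detect(HISTORY, LIVE):
        kind = "signature+behavioral" if a["signature_hit"] else "behavioral only"
        print(a["ts"], a["principal"], "score", a["score"], kind, a["reasons"])
```

The second live event is caught both ways, but the third (a routine `s3:GetObject`) is anomalous only because of when and from where it followed the previous call; no static rule on the action name would flag it, which is the distinction the question is testing.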