Which of the following are critical questions that must be addressed when developing a log analysis policy? (Choose all that apply.)
a. What anomalies should trigger immediate alerts?
b. How long must the deviation occur before registering an anomaly?
c. How much of a deviation from the norm represents an anomaly?
d. What is the impact of the logging on system performance?
Answer:
a. What anomalies should trigger immediate alerts?
b. How long must the deviation occur before registering an anomaly?
c. How much of a deviation from the norm represents an anomaly?