What is the primary purpose of logging and monitoring in security?

• A. Only used for performance metrics
• B. Replacing the need for incident response
• C. Collecting security events and analyzing for anomalies
• D. Only storing event logs indefinitely

Answer: (C)

Logging and monitoring provide visibility into what’s happening across systems, with the aim of detecting unusual or unauthorized activity. By collecting security events from hosts, networks, applications, and security devices and then analyzing them—often through correlation, baselining normal behavior, and real-time alerts—you can spot anomalies that may indicate a threat and respond quickly. For example, a sudden surge of failed logins from an unfamiliar location followed by a successful access to sensitive data would raise a flag for investigation. This continuous process supports detecting, investigating, and containing incidents, not just measuring performance or replacing incident response. Logs also give evidence and context for investigations, but they aren’t an endless storage goal; retention is guided by privacy and compliance needs.