A network administrator is unable to identify the root cause of a network incident because insufficient evidence about the threat actor’s actions was logged. The administrator notes that the server receiving and storing the events was not compromised by any attack and is properly communicating with all network devices.
Which of the following can the administrator employ to improve network access accountability?
A . Activate the audit logs on the network server and resources.
B . Configure SNMP on the network server.
C . Deploy a central SIEM server into the network.
D . Collect traffic statistics from the servers using NetFlow data.
Answer: C