Why is it important to enable event log storage on a system immediately after it is installed?

Why is it important to enable event log storage on a system immediately after it is installed?
A . To allow system to be restored to a known good state if it is compromised
B . To create the ability to separate abnormal behavior from normal behavior during an incident
C . To compare it performance with other systems already on the network
D . To identify root kits included on the system out of the box

View Answer

Answer: B