Which items are typically monitored in an Audit Trail?

• A. Only login events
• B. Only data download events
• C. User actions, data viewed/shared, sources, destinations, and errors
• D. Only system configuration changes

Answer: (C)

An Audit Trail should capture a complete, end-to-end picture of activity: who performed what action, when, and on which data. It logs not only logins but all user actions such as accessing, viewing, editing, sharing, and exporting data, as well as the sources of that data, the destinations it moves to, and any errors that occur during access or transfer. This full scope supports accountability, security monitoring, and regulatory compliance, and it helps investigators reconstruct events.

Limiting monitoring to login events would miss the actual data usage; focusing only on data downloads would ignore viewing, sharing, and errors; focusing only on system configuration changes would miss user data activity and potential data leakage.