Which area should a DBA analyze to detect unauthorized access attempts?

• A. Network bandwidth usage
• B. Database schema changes
• C. System log files
• D. User activity reports

Answer: (C)

To detect unauthorized access attempts, analyzing system log files is crucial. System log files contain records of events that occur within the database and the system it runs on. This includes authentication attempts, access times, and specific actions taken by users. By scrutinizing these logs, a DBA can identify unusual patterns, such as repeated failed login attempts, access at odd hours, or attempts from unrecognized IP addresses, which are potential indicators of unauthorized access.

In contrast, options like network bandwidth usage, database schema changes, and user activity reports, while useful for different aspects of database management and security, do not provide the same level of detail regarding access attempts. Network bandwidth might show spikes in activity but won't pinpoint whether that activity is legitimate or unauthorized. Database schema changes may indicate alterations made to the database structure, but they don’t specifically relate to access attempts. User activity reports can offer insights into what actions users are taking but may miss critical details regarding unauthorized login attempts. Thus, system log files provide the most direct and actionable information for identifying potential security breaches concerning access to the database.