Which of the following actions directly supports detecting anomalies in network traffic?

Traffic baseline analysis is a critical action for detecting anomalies in network traffic because it involves monitoring and establishing a baseline of normal network behavior over time. By understanding what constitutes normal traffic patterns—such as the types of traffic, volume, and behavior—security analysts can more effectively recognize deviations that may indicate suspicious activities, security breaches, or other anomalies.

This practice helps create a reference point against which current traffic can be compared. When anomalies occur, they can trigger alerts, leading to further investigation. Without baseline analysis, it becomes challenging to differentiate between normal fluctuations in traffic and genuine security threats.

In contrast, regular software updates, network segmentation, and user access reviews are important security practices but do not directly focus on the detection of anomalies in network traffic. Regular software updates maintain system security and patch vulnerabilities; network segmentation restricts access and limits potential damage in the event of a breach; and user access reviews ensure that permissions are appropriately assigned and adhere to least privilege principles. While these actions contribute to overall network security, they do not specifically aim to identify anomalous network behaviors as traffic baseline analysis does.