The best answer is C. Apply aggregation.
In Security+ logging and monitoring concepts, log aggregation means collecting logs from multiple systems and centralizing them in one place, often for use by a SIEM or another monitoring platform. This improves the speed and efficiency of searches because analysts do not need to query many separate devices or locations individually. Centralized logs are much easier to index, correlate, and search quickly.
Why the other options are not the best choice:
A. Conduct deduplicationDeduplication reduces repeated data and may save storage space, but it is primarily a storage-efficiency method. It does not directly provide the best improvement for fast searching across logs.
B. Conduct archivingArchiving is used for long-term retention, but archived logs are usually moved out of readily searchable live storage. This would not support the requirement for the shortest search time frame.
D. Apply compressionCompression saves storage capacity, but compressed logs may require decompression or additional processing before review. This does not best support the need for the fastest searches.
From a Security+ perspective, when the goal is rapid log review, correlation, and search performance, aggregation is the strongest answer because it supports centralized monitoring and efficient analysis of live logs over the retention period.
