Which of the following is a proactive security technique?

Conducting penetration testing is considered a proactive security technique because it involves simulating an attack on a system to identify vulnerabilities before they can be exploited by malicious actors. This approach allows organizations to take preemptive action by strengthening their defenses based on the findings from the penetration tests. By discovering and addressing weaknesses in the system proactively, organizations can mitigate potential security incidents before they occur.

In contrast, monitoring logs for suspicious activity and waiting for security alerts are reactive measures. They involve responding to events after they happen. While monitoring and alerting are crucial for security, they do not prevent attacks from occurring. Conducting regular employee training, while important for raising awareness and improving overall security posture, is also considered a preventive measure rather than a direct proactive technical assessment like penetration testing.