During a security audit, a consulting firm notices inconsistencies between the documentation and the environment. Which of the following can keep a record of who made the changes and what the changes are?

Network access control focuses on managing and restricting network access based on predetermined security policies. While it can prevent unauthorized access to the network, it does not track specific changes made to configurations or document who initiated those changes. Thus, it lacks the necessary auditing capabilities for change management.

The Zero Trust model emphasizes strict access controls and verification processes for users trying to access resources, assuming that threats could be internal or external. However, while it enhances security, it does not inherently provide logging or tracking of configuration changes. Therefore, it does not fulfill the requirement of documenting who made changes or what those changes were.

Syslog is a standard for message logging that can capture various system events and activities. Although it can log events related to configuration changes, it does not inherently provide a structured way to track who made specific changes or the details of those changes. It is more of a general logging mechanism rather than a dedicated configuration monitoring solution.