CISSP · Question #308
Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?
The correct answer is A. Logging and audit trail controls to enable forensic analysis. Logging and audit trail controls are designed to record and monitor the activities and events that occur on a system or network. They can provide valuable information for forensic analysis, such as the source, destination, time, and type of an event, the user or process involved,
Question
Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?
Options
- ALogging and audit trail controls to enable forensic analysis
- BSecurity incident response lessons learned procedures
- CSecurity event alert triage done by analysts using a Security Information and Event Management
- DTransactional controls focused on fraud prevention
How the community answered
(42 responses)- A79% (33)
- B2% (1)
- C7% (3)
- D12% (5)
Explanation
Logging and audit trail controls are designed to record and monitor the activities and events that occur on a system or network. They can provide valuable information for forensic analysis, such as the source, destination, time, and type of an event, the user or process involved, the data or resources accessed or modified, and the outcome or status of the event. Logging and audit trail controls can help identify the cause, scope, impact, and timeline of an attack, as well as the evidence and artifacts left by the attacker. They can also help determine the effectiveness and gaps of the preventive and detective controls, and support the incident response and recovery processes. Logging and audit trail controls should be configured, protected, and reviewed according to the organizational policies and standards, and comply with the legal and regulatory
Topics
Community Discussion
No community discussion yet for this question.