CISSP · Question #812
Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
The correct answer is C. Periodic log reviews. Periodic log reviews are the primary mechanism for identifying operational issues, misconfigurations, and attacks by analyzing recorded system and network events over time.
Question
Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
Options
- APolicy documentation review
- BAuthentication validation
- CPeriodic log reviews
- DInterface testing
How the community answered
(26 responses)- A4% (1)
- B8% (2)
- C88% (23)
Why each option
Periodic log reviews are the primary mechanism for identifying operational issues, misconfigurations, and attacks by analyzing recorded system and network events over time.
Policy documentation review assesses whether written policies are complete and up to date, but does not actively detect live operational problems, misconfigurations, or attacks occurring in the environment.
Authentication validation verifies that authentication mechanisms are functioning correctly, but it is a narrow, targeted check that does not broadly identify security misconfigurations or malicious activity across systems.
Periodic log reviews involve systematically examining logs from systems, applications, firewalls, and security devices to detect anomalies, failed authentication attempts, policy violations, and indicators of compromise. Logs provide a historical record that can reveal patterns of misuse, misconfiguration symptoms, and active or past malicious activity that other point-in-time checks would miss. This makes log review a foundational security monitoring and operational assurance practice in frameworks like NIST SP 800-92.
Interface testing evaluates the functionality and connectivity of network or application interfaces, but it is not designed to detect security misconfigurations or identify malicious attack patterns.
Concept tested: Log review for security monitoring and incident detection
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
Topics
Community Discussion
No community discussion yet for this question.