nerdexam
(ISC)2

CISSP · Question #912

Which of the following MUST be in place to recognize a system attack?

The correct answer is C. Log analysis. Log analysis is crucial for recognizing a system attack. By monitoring and analyzing logs from various sources such as firewalls, intrusion detection systems (IDS), servers, and applications, security teams can detect patterns or anomalies that indicate a potential attack. Logs o

Submitted by paula_co· Mar 5, 2026Security Operations

Question

Which of the following MUST be in place to recognize a system attack?

Options

  • AStateful firewall
  • BDistributed antivirus
  • CLog analysis
  • DPassive honeypot

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    6% (2)
  • C
    88% (28)
  • D
    3% (1)

Explanation

Log analysis is crucial for recognizing a system attack. By monitoring and analyzing logs from various sources such as firewalls, intrusion detection systems (IDS), servers, and applications, security teams can detect patterns or anomalies that indicate a potential attack. Logs often provide detailed information about system behavior, user actions, and network activity that can help identify malicious behavior in real-time or during post-incident analysis. Key points about log analysis: It helps detect unusual activities such as failed login attempts, privilege escalations, or unexpected network traffic, which may indicate an attack. It is an essential part of a security information and event management (SIEM) system that helps organizations centralize and correlate logs for faster attack detection.

Topics

#Log analysis#System attack detection#Security monitoring#Incident response

Community Discussion

No community discussion yet for this question.

Full CISSP Practice