CISSP · Question #963
Which type of log collection is focused on detecting and responding to attacks, malware infection, and data theft?
The correct answer is C. Security. Security log collection is specifically designed to monitor and detect threats such as attacks, malware infections, and data theft. It focuses on identifying malicious activity and enabling incident response.
Question
Options
- AIntrusion detection
- BOperational
- CSecurity
- DCompliance
How the community answered
(33 responses)- A3% (1)
- C94% (31)
- D3% (1)
Why each option
Security log collection is specifically designed to monitor and detect threats such as attacks, malware infections, and data theft. It focuses on identifying malicious activity and enabling incident response.
Intrusion detection is a security control mechanism (IDS/IPS), not a category of log collection; it is a tool that may consume security logs rather than a log collection type itself.
Operational log collection focuses on system health, performance, uptime, and availability-not on detecting or responding to security threats like malware or data theft.
Security log collection is purpose-built to capture events related to cyber threats, including intrusion attempts, malware activity, and unauthorized data access. It provides the visibility needed for security operations teams to detect, investigate, and respond to incidents. This type of logging feeds into SIEM systems and SOC workflows focused on threat detection and response.
Compliance log collection is oriented toward meeting regulatory requirements and audit trails (e.g., PCI-DSS, HIPAA), not specifically on detecting attacks or malicious activity in real time.
Concept tested: Security log collection purpose and threat detection focus
Source: https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources
Topics
Community Discussion
No community discussion yet for this question.