Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?
Continuous log monitoring: This helps detect and alert on suspicious activities in real time, but by itself, does not provide the comprehensive evidence gathering and analysis that forensics does.
Computer forensics is the BEST approach to determine what activities and changes have occurred on a system during a cybersecurity incident. It involves the systematic collection, analysis, and preservation of digital evidence to:
Understand the scope of the incident.
Reconstruct the sequence of events.
Identify the attacker’s activities and the impact of their actions.
Computer forensics is specifically designed to analyze systems post-incident, making it the most appropriate choice for investigating and understanding cybersecurity incidents.
D- for changes that have occurred and already in the systems can only be found through forensics. C- would enable only current state monitoring
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
yottabyte
Highly Voted 9 months, 2 weeks agomih
Most Recent 6 days, 11 hours agomb141
6 months, 2 weeks agoshootnot
8 months, 2 weeks ago