Exam CRISC topic 1 question 538 discussion

Actual exam question from Isaca's CRISC
Question #: 538
Topic #: 1

Which of the following is the BEST control to detect an advanced persistent threat (APT)?

  • A. Monitoring social media activities
  • B. Conducting regular penetration tests
  • C. Utilizing antivirus systems and firewalls
  • D. Implementing automated log monitoring
Suggested Answer: D

Comments

Anon530
Highly Voted 3 years, 1 month ago
Answer is D. Implementing automated log monitoring. The key word in this question is "detect." The answer given is incorrect. A pen test will not detect an APT. Pen testing is to find exploitable vulnerabilities in your network. It doesn't tell you if you have already been compromised by an APT. C. Utilizing antivirus systems and firewalls is also incorrect. AV may detect, but firewall is a preventative measure. An APT would not likely be detected by AV. APT are very advanced hackers, and probably use advanced techniques - not script kiddie stuff that AV would detect. The correct answer is D. Implementing automated log monitoring. SIEM would correlate logs from multiple systems and analyze them. Of all the possible answers, this is the best way to detect APT.
upvoted 16 times
SuperMax
Most Recent 6 months, 1 week ago
Selected Answer: D
Out of the given options, the BEST control to detect an APT is implementing automated log monitoring (Option D). Implementing automated log monitoring: Automated log monitoring is the BEST control for detecting an APT. APT attacks are designed to remain undetected for long periods, and they often leave subtle signs of their presence in the network logs. Automated log monitoring can help identify these signs by analyzing network logs for unusual patterns of activity or behavior. It can also help identify insider threats and detect data exfiltration attempts. In summary, while all the given options can help strengthen the security posture of an organization, the best control to detect an APT is implementing automated log monitoring.
upvoted 1 times
Staanlee
8 months, 1 week ago
Selected Answer: D
D. Implementing automated log monitoring. The best control to detect an advanced persistent threat (APT) is to implement automated log monitoring. Advanced persistent threats are sophisticated and often stealthy attacks that aim to maintain a persistent presence within a network over an extended period of time. These attacks can be challenging to detect using traditional security measures alone. Automated log monitoring involves continuously analyzing and correlating system logs, network traffic, and other relevant data sources for unusual or suspicious activities. This control can help identify indicators of compromise, abnormal behavior, or patterns consistent with APTs, making it an effective measure for early detection and response.
upvoted 1 times
mraiyan
10 months, 3 weeks ago
Selected Answer: D
Between "C" and "D", going with "D". SIEM can detect some signs of APT attacks. Antivirus/FW could detect some types, but they are not designed to do so.
upvoted 1 times
CbtL
1 year, 1 month ago
Selected Answer: D
Going with D. Log monitoring is how you detect the APT. Penetration testing is how you identify vulnerabilities an APT could exploit.
upvoted 1 times
Raj1510
2 years, 3 months ago
Will go with D, as the other options do not fulfill the detection of APT.
upvoted 1 times
AMIRA1986
3 years ago
I go for c
upvoted 1 times
kingsmann
3 years, 1 month ago
I will go with D, since APT is a continuous persistent attack that needs the automated log monitoring.
upvoted 1 times
hussmohsin
3 years, 3 months ago
Penetration test does not detect APTs. The answer is C. Utilizing antivirus systems and firewalls. Antivirus may detect the APT as malicious software and firewalls may detect the traffic APT are generating to connect to command and control outside the organization.
upvoted 3 times