For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?
A. Anti-malware alerts on several employees' workstations
B. Several port scans of the web server
C. Multiple failed login attempts on an employee's workstation
D. Suspicious network traffic originating from the demilitarized zone (DMZ)
A would depend on the severity of the Anti-malware but does not relate to web-based services. Port scans happen all of the time. Someone in my DMZ where I house my web services would be the most concerning to me.
Yeah, but you wouldn't escalate suspicious traffic without confirming it first if it's a false positive. You would escalate many computers getting malware alerts.
D. Suspicious network traffic originating from the demilitarized zone (DMZ) would MOST likely initiate an incident response plan and be escalated to management. The DMZ is a network segment that is typically used to host public-facing servers, such as web servers, and it is considered a high-risk area. Suspicious network traffic originating from the DMZ could indicate that an attacker has breached the perimeter and is attempting to move laterally through the network, or it could be a sign of a compromise of one of the organization's web-based services. This type of event would be considered a high-priority incident and would require a rapid response and escalation to management.
I'm a manager and I would report D to the management. If every time I have some alerts (just alerts, not verified) from anti-malware systems I have to report to my management... I would be fired xD
Suspicious network traffic from the DMZ is more serious and potentially indicative of a security breach or intrusion attempt. The DMZ is a critical part of the network that sits between the external (untrusted) network and the internal (trusted) network. Any suspicious activity from this zone should be treated with utmost seriousness as it may signify a direct attempt to breach the organization's perimeter defenses or compromise the web-based services.
In the context of an organization providing web-based services, suspicious network traffic originating from the demilitarized zone (DMZ) would be most likely to initiate an incident response plan and be escalated to management. The DMZ is a critical security zone that separates the internal network from the external network, and unusual or suspicious traffic in this area could indicate a potential security incident that requires investigation and response.
In the context of a web-based service provider, suspicious network traffic from the demilitarized zone (DMZ) could indicate a potential security incident. The DMZ is a critical boundary zone that separates the internal network from the external internet-facing services. Any unusual or suspicious network activity originating from the DMZ, especially if it suggests unauthorized access or compromise, would typically warrant immediate attention and activation of the incident response plan. This type of event is often considered more critical and impactful than the other options listed.
While the other events (anti-malware alerts, port scans, failed login attempts) may be noteworthy and could trigger certain security measures, suspicious network traffic from the DMZ is more likely to be viewed as a potential serious threat to the organization's web-based services.
They are trying to mislead you with web-based services. That doesn't mean that the company doesn't have their own IT infrastructure, and malware on several employees' computers certainly qualifies to be raised as an incident.
What is antimalware (anti-malware)? Antimalware is a type of software program created to protect information technology (IT) systems and individual computers from malicious software, or malware. Antimalware programs scan a computer system to prevent, detect and remove malware.
D is obviously the answer.
D. Suspicious network traffic originating from the demilitarized zone (DMZ).
Suspicious network traffic from the DMZ is more serious and potentially indicative of a security breach or intrusion attempt. The DMZ is a critical part of the network that sits between the external (untrusted) network and the internal (trusted) network. Any suspicious activity from this zone should be treated with utmost seriousness as it may signify a direct attempt to breach the organization's perimeter defenses or compromise the web-based services.
While the other events listed (A, B, and C) could be important and may require investigation, they are typically of lower severity compared to suspicious traffic from the DMZ. Anti-malware alerts, port scans, and failed login attempts are relatively common and may not necessarily indicate an ongoing security breach, although they should still be monitored and investigated as part of regular security operations.
D. Suspicious network traffic originating from the demilitarized zone (DMZ).
Suspicious network traffic originating from the DMZ can indicate unauthorized access attempts or potentially malicious activity targeting the organization's web-based services. This type of event raises concerns about the security and integrity of the web server and the potential impact on the organization's operations, data, and customer information.
Suspicious network traffic originating from the demilitarized zone (DMZ): Suspicious network traffic originating from the DMZ is a significant event that could indicate an attempted or ongoing attack on the organization's web-based services. This event would likely initiate an incident response plan and be escalated to management.