Certified Information Systems Auditor (CISA) — Question 35
Which of the following would BEST detect that a distributed denial of service (DDoS) attack is occurring?
Answer options
- A. Server crashes
- B. Customer service complaints
- C. Penetration testing
- D. Automated monitoring of logs
Correct answer: D
Explanation
Automated monitoring of logs is the most effective way to detect a DDoS attack because it allows real-time analysis of traffic patterns that can indicate an attack. Server crashes may be a consequence of a DDoS attack but do not provide proactive detection. Customer service complaints may arise from users experiencing issues but do not offer direct evidence of an attack. Penetration testing is typically a preventive measure rather than a detection method for ongoing attacks.