Certified Information Systems Auditor (CISA) — Question 47
Which of the following BEST facilitates detection of zero-day exploits?
Answer options
- A. Anti-malware software
- B. User behavior analytics
- C. Intrusion detection systems (IDS)
- D. Intrusion prevention systems (IPS)
Correct answer: B
Explanation
User behavior analytics (B) is effective at detecting zero-day exploits because it can identify unusual patterns of behavior that may indicate an exploit is occurring. In contrast, anti-malware software (A) often relies on known signatures and may not catch unknown threats, while intrusion detection systems (C) and intrusion prevention systems (D) are also limited by their reliance on known attack patterns.