Certified Information Security Manager (CISM) — Question 113

Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:

Answer options

• A. web surfing controls
• B. packet filtering
• C. application awareness
• D. log monitoring

Correct answer: D

Explanation

Log monitoring is essential as it allows for the review of firewall logs to detect any suspicious activity that could indicate a breach. While web surfing controls, packet filtering, and application awareness contribute to overall security, they do not provide the same level of insight into past incidents as log monitoring does.