Certified Information Security Manager (CISM) — Question 1240
For an organization that provides web-based services, which of the following security events would MOST likely initiate an incident response plan and be escalated to management?
Answer options
- A. Anti-malware alerts on several employees' workstations
- B. Several port scans of the web server
- C. Multiple failed login attempts on an employee's workstation
- D. Suspicious network traffic originating from the demilitarized zone (DMZ)
Correct answer: D
Explanation
Option D is correct because suspicious network traffic originating from the DMZ indicates a potential threat that could impact the organization's web services. The other options, while concerning, do not pose as immediate a risk to the organization's infrastructure, nor do they require an urgent response at the management level.