Certified Information Security Manager (CISM) — Question 20
Which of the following BEST enables the detection of advanced persistent threats (APTs)?
Answer options
- A. Vulnerability scanning
- B. Security information and event management system (SIEM)
- C. Internet gateway filtering
- D. Periodic reviews of intrusion prevention system (IPS)
Correct answer: B
Explanation
A security information and event management (SIEM) system is designed to analyze and correlate security data from various sources, making it the best tool for detecting advanced persistent threats (APTs). Vulnerability scanning, internet gateway filtering, and periodic reviews of an IPS do not provide the comprehensive monitoring and analysis needed to identify sophisticated threats like APTs.