Certified Information Security Manager (CISM) — Question 243
An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?
Answer options
- A. File integrity monitoring (FIM) software
- B. Security information and event management (SIEM) tool
- C. Intrusion detection system (IDS)
- D. Antivirus software
Correct answer: B
Explanation
The correct answer is B. A SIEM tool aggregates logs and alerts from across the network (servers, network devices, endpoints, and the other three tools listed) into one normalized, time-ordered store and correlates events across those sources. During a breach investigation this gives the team a single place to reconstruct the attack timeline: an IDS alert, a file change reported by FIM, and an antivirus detection on the same host can be tied together even though each originated in a different product. File integrity monitoring, IDS, and antivirus software each produce valuable evidence, but each sees only one slice of activity and offers no centralized correlation of events. Two caveats a practitioner should keep in mind: a SIEM is only as complete as the sources feeding it and its retention period, so confirm coverage and retention before relying on it; and because the SIEM holds copies of logs, the original logs should be preserved and hashed if the evidence may be needed for legal proceedings.
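The following is an added example, not part of the original question or explanation, showing in miniature what the "centralized correlation" a SIEM performs looks like. It ingests constructed sample log lines from three different tools (IDS, FIM, antivirus), normalizes them, and groups events on the same host that fall within a short time window. The pipe-separated log format, the tool names and the hosts are all constructed for illustration; real SIEMs use their own parsers and schemas.

```python
"""Toy SIEM-style correlation: merge events from several tools by host and time.

Added example for illustration only. The log format, hosts and detections
below are constructed and do not represent any real product's output.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # which tool produced the record (ids, fim, av)
    host: str
    detail: str


# Constructed sample log lines: "source|ISO timestamp|host|detail".
SAMPLE_LOGS = [
    "ids|2024-05-01T10:02:11|web01|possible webshell upload on /upload.php",
    "fim|2024-05-01T10:03:40|web01|/var/www/html/cmd.php created",
    "av|2024-05-01T10:04:05|web01|quarantine failed: PHP/WebShell.A",
    "av|2024-05-01T09:10:00|hr07|cleaned: Adware.Generic",
    "fim|2024-05-01T13:30:00|db02|/etc/passwd modified",
]


def parse_line(line):
    """Normalize one raw log line into an Event."""
    source, ts, host, detail = line.split("|", 3)
    return Event(datetime.fromisoformat(ts), source, host, detail)


def single_tool_view(lines, source):
    """What an investigator sees when reviewing only one tool's output."""
    return [ev for ev in map(parse_line, lines) if ev.source == source]


def correlate(lines, window=timedelta(minutes=10), min_sources=2):
    """Group events per host; emit an incident when events from at least
    `min_sources` distinct tools fall inside `window` of each other."""
    by_host = defaultdict(list)
    for ev in map(parse_line, lines):
        by_host[ev.host].append(ev)

    incidents = []
    for host, events in by_host.items():
        events.sort(key=lambda e: e.ts)
        i = 0
        while i < len(events):
            cluster = [events[i]]
            j = i + 1
            # Extend the cluster while events stay within the window of its start.
            while j < len(events) and events[j].ts - cluster[0].ts <= window:
                cluster.append(events[j])
                j += 1
            sources = {e.source for e in cluster}
            if len(sources) >= min_sources:
                incidents.append({
                    "host": host,
                    "start": cluster[0].ts,
                    "end": cluster[-1].ts,
                    "sources": sorted(sources),
                    "timeline": [f"{e.ts.isoformat()} {e.source}: {e.detail}"
                                 for e in cluster],
                })
            i = j
    return incidents


def evidence_manifest(lines):
    """SHA-256 of each raw line, so the original records can later be shown
    to match what the SIEM ingested (supports chain-of-custody, not a substitute
    for preserving the original log files)."""
    return {line: hashlib.sha256(line.encode()).hexdigest() for line in lines}


if __name__ == "__main__":
    for inc in correlate(SAMPLE_LOGS):
        print(f"{inc['host']} {inc['start']} -> {inc['end']} via {inc['sources']}")
        for entry in inc["timeline"]:
            print("   ", entry)
```

Reviewing only the FIM view returns two unrelated file changes on different hosts, and the antivirus view alone shows one failed quarantine and one routine adware cleanup. Only the correlated view ties the IDS alert, the new `cmd.php` and the failed quarantine on `web01` into one incident, which is the point behind choosing the SIEM as the single best evidence source.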