Certified Information Security Manager (CISM) — Question 662

Which of the following tools provides an incident response team with the GREATEST insight into insider threat activity across multiple systems?

Answer options

• A. An identity and access management (IAM) system
• B. A virtual private network (VPN) with multi-factor authentication
• C. A security information and event management (SIEM) system
• D. An intrusion prevention system (IPS)

Correct answer: C

Explanation

A security information and event management (SIEM) system is designed to aggregate and analyze security data from multiple sources, providing valuable insights into potential insider threats. The other options, while useful in their own rights, do not offer the same level of comprehensive visibility into system-wide activities as a SIEM does.