Certified Information Security Manager (CISM) — Question 848
An organization is the victim of a targeted attack and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?
Answer options
- A. Web-application firewall
- B. Security information and event management (SIEM)
- C. Data leakage prevention (DLP)
- D. Network access control
Correct answer: B
Explanation
The correct answer is B. A Security Information and Event Management (SIEM) system collects and analyzes log data and security alerts from devices such as the firewall, so the creation of an unauthorized user account would have generated an event that the SIEM could flag for the analyst. The other options, while valuable for other security purposes, do not provide the same monitoring and alerting for user-account and access events: a web-application firewall protects web applications from attacks, data leakage prevention controls the movement of sensitive data, and network access control governs which devices may connect to the network.