Certified Information Security Manager (CISM) — Question 860
Which of the following is the BEST way to monitor for advanced persistent threats (APT) in an organization?
Answer options
- A. Browse the Internet to learn of potential events.
- B. Search for threat signatures in the environment.
- C. Search for anomalies in the environment.
- D. Network with peers in the industry to share information.
Correct answer: C
Explanation
The correct answer is C, as monitoring for anomalies can reveal unusual patterns that indicate the presence of APTs. While searching for threat signatures (B) is important, it may not capture unknown or new threats. Browsing the Internet (A) and networking with peers (D) are helpful for general awareness but do not provide direct monitoring capabilities.