Certified Information Security Manager (CISM) — Question 958
Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?
Answer options
- A. Penetration testing
- B. Root cause analysis
- C. Continuous log monitoring
- D. Computer forensics
Correct answer: D
Explanation
Computer forensics is the most effective method because it involves the systematic collection, preservation, and analysis of digital evidence, allowing for a thorough investigation of incidents. The other options fall short: penetration testing identifies vulnerabilities, root cause analysis focuses on understanding why an incident occurred, and continuous log monitoring provides real-time data but does not conduct a detailed investigation.