Certified Information Security Manager (CISM) — Question 982

Which of the following controls would BEST help to detect a targeted attack exploiting a zero-day vulnerability?

Answer options

• A. Intrusion prevention system (IPS)
• B. Vulnerability scanning
• C. Endpoint detection and response (EDR)
• D. Extended detection and response (XDR)

Correct answer: D

Explanation

Extended detection and response (XDR) is designed to provide comprehensive visibility and automated response across multiple security layers, making it highly effective for detecting sophisticated threats such as zero-day attacks. In contrast, an Intrusion Prevention System (IPS) primarily focuses on preventing known threats, vulnerability scanning can identify weaknesses but not real-time exploitation, and Endpoint Detection and Response (EDR) is limited to endpoint devices without the broader context XDR provides.