Certified in Risk and Information Systems Control (CRISC) — Question 141

The analysis of which of the following will BEST help validate whether suspicious network activity is malicious?

Answer options

• A. Intrusion detection system (IDS) rules
• B. Penetration test reports
• C. Vulnerability assessment reports
• D. Logs and system events

Correct answer: D

Explanation

Logs and system events provide a detailed record of all activities occurring on the network, making them crucial for identifying and confirming malicious behavior. In contrast, IDS rules are preventive measures, penetration test reports assess security but may not capture live incidents, and vulnerability assessment reports identify potential weaknesses rather than actual malicious activity.