Certified Information Systems Security Professional (CISSP) — Question 317
Which of the following techniques is MOST useful when dealing with advanced persistent threat (APT) intrusions on live virtualized environments?
Answer options
- A. Memory forensics
- B. Logfile analysis
- C. Reverse engineering
- D. Antivirus operations
Correct answer: A
Explanation
Memory forensics is critical for analyzing live virtualized environments because it examines volatile memory, which can reveal active threats and their behaviors while the system is still running. Logfile analysis, reverse engineering, and antivirus operations are useful in other contexts, but none of them provides the same immediate insight into the live state of an APT intrusion.