Certified Information Systems Security Professional – CISSP – Question262

Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?

A.
Logging and audit trail controls to enable forensic analysis
B. Security incident response lessons learned procedures
C. Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system
D. Transactional controls focused on fraud prevention

Correct Answer: C