Last Updated on November 17, 2023 by InfraExam
Which of the following does an organization use to identify security gaps in the most complete manner?
- incident response reporting
- SIEM logs showing illegal log-in attempts
- security audits
- IPS logs showing endpoint attempts to contact external command and control servers
Explanation & Hint:
Among the options provided, security audits are typically used by organizations to identify security gaps in the most complete manner.
- Incident Response Reporting: While incident response reporting is essential for addressing and documenting security incidents, it primarily focuses on post-incident activities and may not comprehensively identify all security gaps.
- SIEM Logs Showing Illegal Log-In Attempts: SIEM logs showing illegal log-in attempts are valuable for monitoring and detecting potential security breaches, but they may not necessarily identify all security gaps, especially those that are not associated with log-in attempts.
- IPS Logs Showing Endpoint Attempts to Contact External Command and Control Servers: These logs are useful for detecting and responding to potential malware or intrusion attempts but may not cover all security gaps in an organization’s infrastructure.
- Security Audits: Security audits involve a comprehensive and systematic examination of an organization’s security controls, policies, procedures, and configurations. They aim to identify vulnerabilities, misconfigurations, and gaps in security practices across the entire organization. Security audits are proactive in nature and can help an organization discover security gaps in the most complete manner, allowing for remediation before incidents occur.
While the other options play important roles in security monitoring and incident response, security audits are specifically designed to comprehensively assess an organization’s security posture and identify potential gaps.