CISSP Exam Questions

CISSP Exam - Question 407


Which type of log collection is focused on detecting and responding to attacks, malware infection, and data theft?

Correct Answer: C

Security log collection focuses on detecting and responding to attacks, malware infection, and data theft by monitoring and analyzing various system and application logs. This type of log collection is critical for identifying security-related events such as unauthorized access, system changes, and malicious network activity. Intrusion detection focuses specifically on unauthorized access but is a narrower concept, while operational and compliance logs serve different purposes related to IT performance and regulatory requirements.

Discussion

17 comments
GPrep (Option: A)
Jan 5, 2024

I'm going with A. Security logs are just that, logs; they won't react in any way. While IPS is a better solution on the network, IDS CAN respond - see pg 414 of the CISSP Study Guide - "Until your browser and/or host-based intrusion detection system (HIDS) can detect and respond to push lockers, the only response is to close/terminate the browser and not return to the same URL." Host-based CAN respond in some way.

liledag (Option: C)
Mar 16, 2023

The type of log collection that is focused on detecting and responding to attacks, malware infection, and data theft is Security log collection. Therefore, option C, Security, is the correct answer. Intrusion detection log collection is a type of security log collection that focuses specifically on detecting and preventing unauthorized access to a network or system. Operational log collection, on the other hand, is focused on monitoring the performance and availability of IT infrastructure, such as servers, applications, and network devices. Compliance log collection involves collecting and retaining logs to meet regulatory requirements and industry standards, such as PCI DSS, HIPAA, and GDPR. While all three types of log collection are important, security log collection is the most critical for detecting and responding to security incidents and threats.

babaseun (Option: C)
Apr 19, 2023

How will Intrusion detection detect data theft?

jackdryan
May 14, 2023

C is correct

pete79 (Option: C)
Feb 10, 2024

C contains A

Bodatiousbob (Option: A)
Mar 6, 2023

I agree with A, IDS can detect and respond to all those provided scenarios. While they cannot "prevent", they can still inform/respond by sending alerts. Page 820 of the CISSP 9th edition official study guide.

sausageman (Option: A)
Mar 19, 2023

Definitely A. https://resources.infosecinstitute.com/certification/logging-monitoring-need-know-cissp/#:~:text=An%20overview%20of%20log%20file&text=Some%20popular%20examples%20of%20log,prevention%20system%20(IPS)%20logs.

Delab202 (Option: C)
Apr 2, 2023

Security log collection is focused on detecting and responding to attacks, malware infection, and data theft. Security log collection involves the monitoring and analysis of various system and application logs to identify security-related events, such as failed login attempts, changes to system configurations, and network activity. This type of log collection is critical for identifying and responding to security incidents, such as cyber attacks, malware infections, and data theft.

Goseu (Option: C)
Apr 2, 2023

The type of log collection that is focused on detecting and responding to attacks, malware infection, and data theft is Security log collection. ChatGPT

[Removed] (Option: C)
Apr 5, 2023

I would go for C here. I think IDS logs are too narrow of a concept for data theft and malware. Security seems a broader concept that covers it all.

YesPlease (Option: A)
Dec 23, 2023

Answer A) IDS. Keywords in the question: "detecting and responding". Only IDS can do this from the list provided.

gjimenezf (Option: A)
Feb 2, 2024

IDS is the best; Security is limited.

GuardianAngel (Option: C)
Feb 9, 2024

SOAR collects security logs and can respond and "security logs" can include system, security, router, firewall, EDR and other logs. I would say C. Security logs is correct. ID can be either just detection or it can be detection and response, but it doesn't cover malware infection, and data theft as well as a SOAR can.

GeenHersens (Option: A)
Feb 24, 2024

Answer C is too broad. The question contains "focused" and IDS detects and responds to "attacks, malware infection, and data theft".

hoho2000 (Option: D)
Mar 13, 2024

Should be D. IDS don't respond to attacks short of issuing an alert or email. In this context I would say the question is asking about stopping the attack, since they added in malware etc. words.

CCNPWILL (Option: A)
Jun 2, 2024

Language keywords suggest the answer is A and not C. But sure, C can; it is a broad answer. Answer broadly or answer what is asked? I will go with A.

safri (Option: C)
Jun 9, 2024

I would go with D because of data theft. The threat can already be inside your network and would not be detected by intrusion detection. Also, security is broader.

Chris (Option: C)
Jul 7, 2024

The CISSP Official Study Guide states that security logs are specifically used to record access to resources and can help detect malicious activities such as unauthorized access and data theft. These logs are essential for identifying and responding to security incidents. Therefore, the correct answer is C, Security. This information is found on pages 835-836 of the study guide.