Exam ISO-IEC-27035-Lead-Incident-Manager Topic 1 Question 24 Discussion
Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam
Question #: 24
Topic #: 1
Question #: 24
Topic #: 1
Scenario 6: EastCyber has established itself as a premier cyber security company that offers threat detection, vulnerability assessment, and penetration testing tailored to protect organizations from emerging cyber threats. The company effectively utilizes ISO/IEC 27035*1 and 27035-2 standards, enhancing its capability to manage information security incidents.
EastCyber appointed an information security management team led by Mike Despite limited resources, Mike and the team implemented advanced monitoring protocols to ensure that every device within the company's purview is under constant surveillance This monitoring approach is crucial for covering everything thoroughly, enabling the information security and cyber management team to proactively detect and respond to any sign of unauthorized access, modifications, or malicious activity within its systems and networks.
In addition, they focused on establishing an advanced network traffic monitoring system This system carefully monitors network activity, quickly spotting and alerting the security team to unauthorized actions This vigilance is pivotal in maintaining the integrity of EastCyber's digital infrastructure and ensuring the confidentiality, availability, and integrity of the data it protects.
Furthermore, the team focused on documentation management. They meticulously crafted a procedure to ensure thorough documentation of information security events. Based on this procedure, the company would document only the events that escalate into high-severity incidents and the subsequent actions. This documentation strategy streamlines the incident management process, enabling the team to allocate resources more effectively and focus on incidents that pose the greatest threat.
A recent incident involving unauthorized access to company phones highlighted the critical nature of incident management. Nate, the incident coordinator, quickly prepared an exhaustive incident report. His report detailed an analysis of the situation, identifying the problem and its cause. However, it became evident that assessing the seriousness and the urgency of a response was inadvertently overlooked.
In response to the incident, EastCyber addressed the exploited vulnerabilities. This action started the eradication phase, aimed at systematically eliminating the elements of the incident. This approach addresses the immediate concerns and strengthens EastCyber's defenses against similar threats in the future.
According to scenario 6, what mechanisms for detecting security incidents did EastCyber implement?
EastCyber appointed an information security management team led by Mike Despite limited resources, Mike and the team implemented advanced monitoring protocols to ensure that every device within the company's purview is under constant surveillance This monitoring approach is crucial for covering everything thoroughly, enabling the information security and cyber management team to proactively detect and respond to any sign of unauthorized access, modifications, or malicious activity within its systems and networks.
In addition, they focused on establishing an advanced network traffic monitoring system This system carefully monitors network activity, quickly spotting and alerting the security team to unauthorized actions This vigilance is pivotal in maintaining the integrity of EastCyber's digital infrastructure and ensuring the confidentiality, availability, and integrity of the data it protects.
Furthermore, the team focused on documentation management. They meticulously crafted a procedure to ensure thorough documentation of information security events. Based on this procedure, the company would document only the events that escalate into high-severity incidents and the subsequent actions. This documentation strategy streamlines the incident management process, enabling the team to allocate resources more effectively and focus on incidents that pose the greatest threat.
A recent incident involving unauthorized access to company phones highlighted the critical nature of incident management. Nate, the incident coordinator, quickly prepared an exhaustive incident report. His report detailed an analysis of the situation, identifying the problem and its cause. However, it became evident that assessing the seriousness and the urgency of a response was inadvertently overlooked.
In response to the incident, EastCyber addressed the exploited vulnerabilities. This action started the eradication phase, aimed at systematically eliminating the elements of the incident. This approach addresses the immediate concerns and strengthens EastCyber's defenses against similar threats in the future.
According to scenario 6, what mechanisms for detecting security incidents did EastCyber implement?
Suggested Answer: B Vote an answer
Comprehensive and Detailed Explanation From Exact Extract:
In the scenario, EastCyber implemented an "advanced network traffic monitoring system" that "spots and alerts the security team to unauthorized actions." This aligns closely with the functional characteristics of an Intrusion Detection System (IDS), which monitors traffic or systems for malicious activities and policy violations and sends alerts for review.
While Security Information and Event Management (SIEM) tools and Intrusion Prevention Systems (IPS) offer valuable detection and response capabilities, the scenario specifically describes a system focused on monitoring and alerting-not automatically blocking traffic, which would indicate an IPS.
SIEM platforms correlate and analyze logs from various sources, which wasn't described. Therefore, IDS is the most accurate interpretation.
Reference:
ISO/IEC 27035-2:2016, Clause 7.4.2: "Detection mechanisms can include intrusion detection systems, log analysis tools, and traffic monitoring systems to detect potential security events." Correct answer: B
-
In the scenario, EastCyber implemented an "advanced network traffic monitoring system" that "spots and alerts the security team to unauthorized actions." This aligns closely with the functional characteristics of an Intrusion Detection System (IDS), which monitors traffic or systems for malicious activities and policy violations and sends alerts for review.
While Security Information and Event Management (SIEM) tools and Intrusion Prevention Systems (IPS) offer valuable detection and response capabilities, the scenario specifically describes a system focused on monitoring and alerting-not automatically blocking traffic, which would indicate an IPS.
SIEM platforms correlate and analyze logs from various sources, which wasn't described. Therefore, IDS is the most accurate interpretation.
Reference:
ISO/IEC 27035-2:2016, Clause 7.4.2: "Detection mechanisms can include intrusion detection systems, log analysis tools, and traffic monitoring systems to detect potential security events." Correct answer: B
-
by Charlotte at Nov 12, 2025, 01:24 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).