Exam ISO-IEC-27035-Lead-Incident-Manager Topic 1 Question 76 Discussion
Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam
Question #: 76
Topic #: 1
Question #: 76
Topic #: 1
What is the purpose of monitoring behavioral analytics in security monitoring?
Suggested Answer: C Vote an answer
Comprehensive and Detailed Explanation From Exact Extract:
Behavioral analytics refers to using baselines of user or system behavior to identify anomalies that may indicate potential threats. According to ISO/IEC 27035-2, behavioral monitoring is an essential proactive technique for detecting insider threats, account compromise, and lateral movement by attackers.
Once a baseline for "normal behavior" is established (e.g., login patterns, file access, network usage), deviations can trigger alerts or investigations. This allows earlier detection of suspicious activities before they escalate into full-blown incidents.
Option A is a separate initiative related to awareness programs. Option B is more aligned with the response phase, not monitoring.
Reference:
ISO/IEC 27035-2:2016, Clause 7.3.2: "Security monitoring should include behavioral analysis to detect anomalies from baseline user and system activity." Correct answer: C
-
Behavioral analytics refers to using baselines of user or system behavior to identify anomalies that may indicate potential threats. According to ISO/IEC 27035-2, behavioral monitoring is an essential proactive technique for detecting insider threats, account compromise, and lateral movement by attackers.
Once a baseline for "normal behavior" is established (e.g., login patterns, file access, network usage), deviations can trigger alerts or investigations. This allows earlier detection of suspicious activities before they escalate into full-blown incidents.
Option A is a separate initiative related to awareness programs. Option B is more aligned with the response phase, not monitoring.
Reference:
ISO/IEC 27035-2:2016, Clause 7.3.2: "Security monitoring should include behavioral analysis to detect anomalies from baseline user and system activity." Correct answer: C
-
by Hedy at Nov 13, 2025, 05:35 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).