Gain insights with a focus on computer forensics and its role in cybersecurity incident analysis.
Table of Contents
Question
Which of the following BEST enables an organization to determine what activities and changes have occurred on a system during a cybersecurity incident?
A. Penetration testing
B. Root cause analysis
C. Continuous log monitoring
D. Computer forensics
Answer
D. Computer forensics
Explanation
The best method for an organization to determine what activities and changes have occurred on a system during a cybersecurity incident is through Computer Forensics. This field involves the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.
ISACA CISM certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the ISACA CISM exam and earn ISACA CISM certification.