Which THREE are essential components of a security monitoring strategy? (Choose three.)
Ensures proper handling.
Why this answer
Defined incident response procedures (Option C) are essential because they provide a structured, repeatable workflow for detecting, analyzing, and containing security incidents. Without pre-defined procedures, a security team cannot consistently execute the 'Respond' phase of the NIST SP 800-61 incident response lifecycle, leading to delayed containment and increased dwell time.
Exam trap
Cisco often tests the distinction between preventive controls (antivirus, encryption) and detective/monitoring controls (log collection, correlation, incident response procedures); candidates who miss it mistakenly include security hygiene measures as monitoring components.