312-50V13 · Question #495
312-50V13 Question #495: Real Exam Question with Answer & Explanation
The correct answer is C: Adopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection,. Explanation Option C is correct because a Continual/Adaptive Security Strategy directly addresses the scenario's core problem - an unidentified vulnerability that was exploited - by emphasizing ongoing prediction, prevention, detection, and response, meaning the organization cont
Question
Given the complexities of an organization's network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethical Hacker (CEH), you are tasked with enhancing the organization's security stance. To ensure a comprehensive security defense, you recommend a certain security strategy. Which of the following best represents the strategy you would likely suggest and why?
Options
- ADevelop an in-depth Risk Management process, involving identification, assessment, treatment,
- BEstablish a Defense-in-Depth strategy, incorporating multiple layers of security measures to
- CAdopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection,
- DImplement an Information Assurance (IA) policy focusing on ensuring the integrity, availability,
Explanation
Explanation
Option C is correct because a Continual/Adaptive Security Strategy directly addresses the scenario's core problem - an unidentified vulnerability that was exploited - by emphasizing ongoing prediction, prevention, detection, and response, meaning the organization continuously evolves its defenses rather than relying on static, one-time measures. This approach is specifically designed to handle unknown and emerging threats, making it the most comprehensive and proactive recommendation a CEH would make after a breach caused by an unknown vulnerability.
- Option A (Risk Management) is incorrect because while identifying and assessing risks is valuable, it is a component of security rather than a complete defensive strategy - it wouldn't have necessarily caught an unidentified vulnerability in time.
- Option B (Defense-in-Depth) is a strong distractor, but it focuses on layered static controls rather than the dynamic, continuous cycle of adaptation needed when dealing with unknown threats.
- Option D (Information Assurance) is incorrect because it focuses on data properties (integrity, availability, confidentiality) rather than providing an active, adaptive defensive strategy against evolving attack vectors.
🧠 Memory Tip: Think "ADAPT or get hacked" - when a breach involves an unknown threat, only a strategy that continuously adapts (predict → prevent → detect → respond) can keep pace with evolving attackers.
Topics
Community Discussion
No community discussion yet for this question.