CompTIA
CAS-001 Question #479: Real Exam Question with Answer & Explanation
The correct answer is A: Survey threat feeds from analysts inside the same industry. To improve defenses against targeted attacks, the CSO must first gather threat intelligence specific to the company's industry before selecting or deploying any controls.
Question
A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture with regard to targeted attacks. Which of the following should the CSO conduct FIRST?
Options
- A. Survey threat feeds from analysts inside the same industry.
- B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
- C. Conduct an internal audit against industry best practices to perform a gap analysis.
- D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
Explanation
To improve defenses against targeted attacks, the CSO must first gather threat intelligence specific to the company's industry before selecting or deploying any controls.
Common mistakes.
- B. Purchasing multiple threat feeds and blocking malicious traffic is a reactive, tactical measure that should follow, not precede, understanding which specific threats are relevant to the organization's industry.
- C. An internal audit and gap analysis assesses general security maturity against best practices but does not address the specific threat actors or techniques used in targeted attacks against the company's industry.
- D. Deploying a UTM solution is a technical control implementation step that is only effective after the CSO understands what specific threats need to be mitigated, making it premature before threat intelligence is gathered.
Concept tested. Threat intelligence gathering for targeted attack defense
Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-150.pdf