CompTIA CASP+ (CAS-003) — Question 220

The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request?

Answer options

• A. 1. Perform the ongoing research of the best practices 2. Determine current vulnerabilities and threats 3. Apply Big Data techniques 4. Use antivirus control
• B. 1. Apply artificial intelligence algorithms for detection 2. Inform the CERT team 3. Research threat intelligence and potential adversaries 4. Utilize threat intelligence to apply Big Data techniques
• C. 1. Obtain the latest IOCs from the open source repositories 2. Perform a sweep across the network to identify positive matches 3. Sandbox any suspicious files 4. Notify the CERT team to apply a future proof threat model
• D. 1. Analyze the current threat intelligence 2. Utilize information sharing to obtain the latest industry IOCs 3. Perform a sweep across the network to identify positive matches 4. Apply machine learning algorithms

Correct answer: C

Explanation

Option C is correct because it outlines a systematic approach to gather indicators of compromise (IOCs), assess the network for threats, and prepare for future threats by involving the CERT team. The other options do not follow a clear and effective methodology for identifying and addressing zero-day exploits, often lacking necessary steps or focusing on less relevant techniques.