CompTIA CASP+ (CAS-003) — Question 225

A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.
Which of the following is the MOST likely reason for the team lead's position?

Answer options

• A. The organization has accepted the risks associated with web-based threats.
• B. The attack type does not meet the organization's threat model.
• C. Web-based applications are on isolated network segments.
• D. Corporate policy states that NIPS signatures must be updated every hour.

Correct answer: A

Explanation

The team lead's lack of concern likely indicates that the organization has already assessed and accepted the risks tied to web-based threats, making option A the most plausible reason. The other options may not accurately reflect the organization's overall risk management strategy or the relevance of the new attack method to their established protocols.