CompTIA CASP+ (CAS-003) — Question 24

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting. Which of the following would be the BEST methods to prepare this report? (Choose two.)

Answer options

• A. Review the CVE database for critical exploits over the past year
• B. Use social media to contact industry analysts
• C. Use intelligence gathered from the Internet relay chat channels
• D. Request information from security vendors and government agencies
• E. Perform a penetration test of the competitor's network and share the results with the board

Correct answer: A, D

Explanation

The best methods to prepare the report are A and D because reviewing the CVE database provides reliable data on critical vulnerabilities relevant to the industry, while requesting information from security vendors and government agencies gives access to expert insights and current threat intelligence. Options B and C are less reliable and may not provide comprehensive or authoritative information, while E is unethical and potentially illegal as it involves unauthorized testing of a competitor's network.