CompTIA CASP+ (CAS-003) — Question 67

A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack. Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

Answer options

• A. Bug bounty websites
• B. Hacker forums
• C. Antivirus vendor websites
• D. Trade industry association websites
• E. CVE database
• F. Company's legal department

Correct answer: B, E

Explanation

The correct answers are B and E. Hacker forums (B) provide real-time discussions about exploits and vulnerabilities, which can give insights into the current threat landscape. The CVE database (E) catalogs known vulnerabilities and provides specific details about each exploit, which is essential for assessing the need for a response. The other options may not provide the most relevant or up-to-date information regarding active attacks impacting systems.