CompTIA CASP+ (CAS-004) — Question 20

A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.
Which of the following should the security engineer do to BEST manage the threats proactively?

Answer options

• A. Join an information-sharing community that is relevant to the company.
• B. Leverage the MITRE ATT&CK framework to map the TTP.
• C. Use OSINT techniques to evaluate and analyze the threats.
• D. Update security awareness training to address new threats, such as best practices for data security.

Correct answer: D

Explanation

The correct answer is D because updating security awareness training ensures that employees are informed about the latest threats and best practices for protecting sensitive information. While joining a community (A), leveraging the MITRE ATT&CK framework (B), and using OSINT techniques (C) are valuable actions, they do not directly enhance the immediate security posture of the company's personnel as effectively as comprehensive training does.