CompTIA CASP+ (CAS-004) — Question 226
A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?
Answer options
- A. Develop an Nmap plug-in to detect the indicator of compromise.
- B. Update the organization's group policy.
- C. Include the signature in the vulnerability scanning tool.
- D. Deliver an updated threat signature throughout the EDR system.
Correct answer: D
Explanation
Delivering an updated threat signature throughout the EDR system ensures that the newly identified indicators of compromise are recognized and managed effectively. The other options, while potentially useful, do not integrate the new threat intelligence into the organization's security posture as directly or as immediately as updating the EDR system does.