CompTIA CASP+ (CAS-004) — Question 230
An organization thinks that its network has active, malicious activity on it. Which of the following capabilities would BEST help to expose the adversary?
Answer options
- A. Installing a honeypot and other decoys
- B. Expanding SOC functions to include hunting
- C. Enumerating asset configurations
- D. Performing a penetration test
Correct answer: B
Explanation
Option B is correct because expanding Security Operations Center (SOC) functions to include hunting enables proactive detection of threats in the network. The other options, while useful, are either more reactive or focused on specific aspects of security; none of them actively seeks out and identifies malicious activity.