CompTIA CASP+ (CAS-004) — Question 281

A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:

• Capable of early detection of advanced persistent threats.
• Must be transparent to users and cause no performance degradation.
• Allow integration with production and development networks seamlessly.
• Enable the security team to hunt and investigate live exploitation techniques.

Which of the following technologies BEST meets the customer's requirements for security capabilities?

Answer options

• A. Threat Intelligence
• B. Deception software
• C. Centralized logging
• D. Sandbox detonation

Correct answer: B

Explanation

Deception software is designed to detect advanced persistent threats early by creating traps that lure attackers, making it the best fit for the customer's requirements. The other options, while useful, do not provide the same level of proactive threat detection and user transparency as deception software does. Threat Intelligence and Centralized logging focus more on data collection and analysis, while Sandbox detonation is primarily for analyzing malware in isolation.