CompTIA CASP+ (CAS-004) — Question 440

Due to reports of malware targeting companies in the same industry, an organization wants to develop a comprehensive list of IoCs to determine if the systems might be affected in a similar attack. Which of the following would be best to use to develop this list?

Answer options

• A. Simulators
• B. Sandbox detonation
• C. Antivirus
• D. Endpoint detection and response

Correct answer: B

Explanation

Sandbox detonation is the optimal choice as it allows for the safe execution of potentially malicious code in a controlled environment, enabling the identification of IoCs. While antivirus solutions can detect known threats, they may not provide comprehensive insights into new or evolving malware behaviors. Endpoint detection and response can help monitor for threats but is less focused on generating IoCs compared to sandboxing techniques.