CompTIA CASP+ (CAS-004) — Question 9
An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.
Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?
Answer options
- A. Deploy a SOAR tool.
- B. Modify user password history and length requirements.
- C. Apply new isolation and segmentation schemes.
- D. Implement decoy files on adjacent hosts.
Correct answer: D
Explanation
Implementing decoy files on adjacent hosts is the best approach as it can lure the adversary into interacting with these files, revealing their presence and intentions. The other options, while useful for security, do not actively engage the adversary or expose their actions in the same way that decoy files can.