CompTIA SecurityX (CAS-005) — Question 235

Due to reports of malware targeting companies in the same industry, an organization wants to develop a comprehensive list of IoCs to determine if its systems might be affected in a similar attack. Which of the following would be best to use to develop this list?

Answer options

• A. Simulators
• B. Sandbox detonation
• C. Antivirus
• D. Endpoint detection and response

Correct answer: B

Explanation

Sandbox detonation is the most effective method for developing a list of IoCs as it allows for the safe execution of suspicious files in a controlled environment, revealing their behavior and any potential indicators. In contrast, simulators do not provide real-world data, antivirus software primarily focuses on detection and removal rather than IoC generation, and endpoint detection and response solutions monitor systems but may not specifically generate a comprehensive list of IoCs.