CompTIA SecurityX (CAS-005) — Question 318

A company detects suspicious activity associated with inbound connections. Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?

Answer options

• A. Implement an interactive honeypot.
• B. Map network traffic to known IoCs.
• C. Monitor the dark web.
• D. Implement UEBA.

Correct answer: D

Explanation

Implementing UEBA (User and Entity Behavior Analytics) is the best solution as it helps in identifying anomalies in user behavior, which can be critical for categorizing suspicious activities. The other options, while useful in certain contexts, do not provide the same level of insight into user and entity behavior that can help in detecting and mitigating the unidentified threats.