CompTIA CySA+ (CS0-001) — Question 15
A threat intelligence analyst who works for a technology firm received this report from a vendor.
"There has been an intellectual property theft campaign executed against organizations in the technology industry. Indicators for this activity are unique to each intrusion. The information that appears to be targeted is R&D data. The data exfiltration appears to occur over months via uniform TTPs. Please execute a defensive operation regarding this attack vector."
Which of the following combinations suggests how the threat should MOST likely be classified and the type of analysis that would be MOST helpful in protecting against this activity?
Answer options
- A. Polymorphic malware and secure code analysis
- B. Insider threat and indicator analysis
- C. APT and behavioral analysis
- D. Ransomware and encryption
Correct answer: C
Explanation
The correct answer is C. Advanced Persistent Threats (APTs) involve sophisticated, prolonged attacks, which matches the report: a campaign against one industry in which R&D data is exfiltrated over months. Because the indicators are unique to each intrusion while the TTPs are uniform, behavioral analysis, which focuses on the patterns of these threats, is the most helpful type of analysis. The other options do not accurately represent the nature of the threat; for instance, polymorphic malware and ransomware do not fit the intellectual property theft context.