CompTIA CySA+ (CS0-002) — Question 126
An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?
Answer options
- A. Use the MITRE ATT&CK framework to develop threat models.
- B. Conduct internal threat research and establish indicators of compromise.
- C. Review the perimeter firewall rules to ensure the accuracy of the rule set.
- D. Use SCAP scans to monitor for configuration changes on the network.
Correct answer: B
Explanation
The correct answer is B because conducting internal threat research and establishing indicators of compromise (IoCs) directly identifies the threats currently acting against the network, which is the proactive approach the question asks for. Option A is less immediate, as it focuses on building threat models rather than on directly identifying active threats. Option C reviews firewall rules, which is a reactive control check rather than a proactive hunt for threats. Option D monitors for configuration changes but does not specifically address identifying the malicious traffic the organization is seeing.