CompTIA CySA+ (CS0-002) — Question 184
During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?
Answer options
- A. Share details of the security incident with the organization's human resources management team.
- B. Note the security incident to junior analysts so they are aware of the traffic.
- C. Communicate the security incident to the threat team for further review and analysis.
- D. Report the security incident for inclusion in the daily report.
Correct answer: C
Explanation
The correct answer is C because communicating the security incident to the threat team allows for a deeper analysis of the threat, which can lead to improved detection mechanisms in the future, such as an alert for this traffic, which the analyst noted does not yet exist. Options A and B do not directly contribute to enhancing detection capabilities, while D may help with documentation but does not address the immediate need for proactive detection of similar threats.