CompTIA CySA+ (CS0-002) — Question 277

A threat hunting team received a new IoC from an ISAC that follows a threat actor's profile and activities. Which of the following should be updated NEXT?

Answer options

• A. The whitelist
• B. The DNS
• C. The blocklist
• D. The IDS signature

Correct answer: D

Explanation

Updating the IDS signature is crucial because it allows for the detection of new threats associated with the threat actor's profile. The whitelist and blocklist adjustments are important but should be secondary to ensuring the IDS can identify and respond to the newly identified threats. DNS updates are not directly relevant to immediate threat detection.