CompTIA CySA+ (CS0-002) — Question 330
During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future?
Answer options
- A. Share details of the security incident with the organization's human resources management team.
- B. Note the security incident so other analysts are aware the traffic is malicious.
- C. Communicate the security incident to the threat team for further review and analysis.
- D. Report the security incident to a manager for inclusion in the daily report.
Correct answer: C
Explanation
The key fact in the scenario is that this traffic has recurred for three weeks, has led to confirmed malware activity, and still has no alert covering it. The threat team (threat intelligence or detection engineering, depending on how the organization is structured) is the group that can take the analyst's findings, extract the indicators and behavioral patterns from the recurring traffic, and turn them into an alert or detection rule, which is exactly what is missing. Sharing the incident with HR (A) serves personnel matters, not detection. A note for other analysts (B) relies on someone remembering it during a manual review and does not create an alert. Reporting to a manager for the daily report (D) improves awareness but by itself produces no new detection content. Only option C directly leads to a new detection for this traffic.