CompTIA CySA+ (CS0-002) — Question 366

As part of an intelligence feed, a security analyst receives a report from a third-party trusted source. Within the report are several domains and reputational information that suggest the company's employees may be targeted for a phishing campaign. Which of the following configuration changes would be the MOST appropriate for intelligence gathering?

Answer options

• A. Update the whitelist.
• B. Develop a malware signature.
• C. Sinkhole the domains.
• D. Update the blacklist.

Correct answer: C

Explanation

The correct answer is C, as sinkholing the domains allows the organization to gather intelligence on any attempts to access those domains, helping to mitigate the phishing threat. Updating the whitelist (A) or blacklist (D) does not actively gather intelligence on the threat, and developing a malware signature (B) is a reactive measure rather than a proactive intelligence-gathering tactic.