CompTIA CySA+ (CS0-002) — Question 6
An organization has not had an incident for several months. The Chief Information Security Officer wants to move to a more proactive stance for security investigations. Which of the following would BEST meet that goal?
Answer options
- A. Root-cause analysis
- B. Active response
- C. Advanced antivirus
- D. Information-sharing community
- E. Threat hunting
Correct answer: E
Explanation
Threat hunting is the best fit because it means actively searching for potential threats before they can cause harm, which is exactly the proactive posture the question asks for. By contrast, root-cause analysis and active response are reactive measures that deal with incidents after they occur, while advanced antivirus software and information-sharing communities do not specifically focus on proactive threat identification.