CompTIA CySA+ (CS0-003) — Question 144
A Chief Information Security Officer (CISO) is concerned that a specific threat actor who is known to target the company’s business type may be able to breach the network and remain inside it for an extended period of time. Which of the following techniques should be performed to meet the CISO’s goals?
Answer options
- A. Vulnerability scanning
- B. Adversary emulation
- C. Passive discovery
- D. Bug bounty
Correct answer: B
Explanation
Adversary emulation (B) is the correct choice because it simulates the tactics and techniques of known threat actors, allowing organizations to identify vulnerabilities and improve defenses against specific threats. Vulnerability scanning (A) is more general and may not focus on the specific actor's methods. Passive discovery (C) gathers information without engaging with the environment, and bug bounty programs (D) rely on external researchers, which may not directly simulate the specific threat actor's approach.