CompTIA CySA+ (CS0-003) — Question 20

A cybersecurity team lead is developing metrics to present in the weekly executive briefs. Executives are interested in knowing how long it takes to stop the spread of malware that enters the network. Which of the following metrics should the team lead include in the briefs?

Answer options

• A. Mean time between failures
• B. Mean time to detect
• C. Mean time to remediate
• D. Mean time to contain

Correct answer: D

Explanation

The correct answer is D, Mean time to contain, as it specifically measures the time taken to stop malware from spreading further after it has been detected. The other options are not focused on containment: A measures system failures, B is about the time taken to detect malware, and C deals with the time to fix or remove the malware, rather than halting its spread.