CompTIA CySA+ (CS0-003) — Question 282

Based on an internal assessment, a vulnerability management team wants to proactively identify risks to the infrastructure prior to production deployments. Which of the following best supports this approach?

Answer options

• A. Threat modeling
• B. Penetration testing
• C. Bug bounty
• D. SDLC training

Correct answer: A

Explanation

Threat modeling allows teams to identify and prioritize potential threats and vulnerabilities in the system before it goes live, making it the most effective choice for proactive risk assessment. Penetration testing, while useful, typically occurs after development and focuses on exploiting vulnerabilities rather than identifying them early. Bug bounty programs are reactive and rely on external individuals to find issues post-deployment, and SDLC training focuses on improving the development process rather than directly identifying risks.