CompTIA CySA+ (CS0-003) — Question 421

Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious actors in the environment. The goal is to reduce the time to prevent lateral movement and potential data exfiltration. Which of the following techniques will best achieve the improvement?

Answer options

• A. Mean time to detect
• B. Mean time to respond
• C. Mean time to remediate
• D. Service-level agreement uptime

Correct answer: A

Explanation

The correct answer is A, as improving the mean time to detect allows for quicker identification of threats, which is essential in preventing lateral movement and data exfiltration. Options B and C focus on response and remediation times, which are important but occur after detection. Option D, related to service-level agreements, does not directly address the issue of visibility and reporting on malicious actors.