Certified Ethical Hacker (CEH v12) — Question 135

Given the complexities of an organization’s network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethical Hacker (CEH). you are tasked with enhancing the organization's security stance. To ensure a comprehensive security defense, you recommend a certain security strategy. Which of the following best represents the strategy you would likely suggest and why?

Answer options

• A. Develop an in-depth Risk Management process, involving identification, assessment, treatment, tracking, and review of risks to control the potential effects on the organization.
• B. Establish a Defense-in-Depth strategy, incorporating multiple layers of security measures to increase the complexity and decrease the likelihood of a successful attack.
• C. Implement an Information Assurance (IA) policy focusing on ensuring the integrity, availability, confidentiality, and authenticity of information systems.
• D. Adopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection, and response actions to ensure comprehensive computer network defense.

Correct answer: D

Explanation

The correct answer is D because a Continual/Adaptive Security Strategy focuses on ongoing actions to predict, prevent, detect, and respond to threats, which is essential for comprehensive security in a dynamic threat landscape. Options A, B, and C, while important, do not encompass the continuous nature of security needed to address evolving threats effectively.