Which of the following exercise types should the analyst perform?

A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.
Which of the following exercise types should the analyst perform?
A. Summarize the most recently disclosed vulnerabilities.
B. Research industry best practices and latest RFCs.
C. Undertake an external vulnerability scan and penetration test.
D. Conduct a threat modeling exercise.

How to PASS CAS-004 in First Attempt?

FULL Printable PDF and Software. VALID exam to help you PASS.

comptia-exams

2 thoughts on “Which of the following exercise types should the analyst perform?

  1. D.

    From CASP official material:

    “Threat modeling is a threat intelligence process that identifies and assesses the possible attack vectors that target systems. These models can encompass general security in an organization or they can apply to specific systems that are the target of an attack. In addition, some threat models are attacker-focused rather than asset-focused. Either way, a threat model will assist you in evaluating the risks involved in a potential attack, as well as the best course to take to mitigate its effects.”

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.