A security manager has written an incident response play book for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?
A.
Automated vulnerability scanning
B.
Centralized logging, data analytics, and visualization
The best answer is D. Threat emulation.
Threat emulation involves simulating insider attacks to test the effectiveness of the incident response playbook. This approach allows the security team to evaluate the response procedures in a controlled environment and identify any gaps or improvements needed.
The manager should conduct D. Threat emulation to test the playbook.
Threat emulation involves simulating a real-world attack scenario to test the effectiveness of security measures and incident response plans. In this case, the manager could simulate an insider attack to see how well the playbook works in practice.
While the other options (Automated vulnerability scanning, Centralized logging, data analytics, and visualization, Threat hunting) can be part of a comprehensive security strategy, they do not directly test the effectiveness of an incident response playbook.
threat emulation will try to trigger the runbook to see if it will react to the threat
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CAS-004 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
041ba31
5 months, 1 week agoElDirec
9 months agosaucehozz
6 months, 1 week agonuel_12
11 months, 3 weeks ago