A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST?
A. Survey threat feeds from services inside the same industry.
B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
C. Conduct an internal audit against industry best practices to perform a qualitative analysis.
D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
A, because analyzing the threat feeds gives a pretty detailed analysis of possible threats. This is the first step in protecting against those threats. A is quicker than B. C sounds right, but a qualitative analysis conducted based on internal information would be useful in understanding what the risks are and what the repercussions of a breach would be; it would not be useful in mitigating targeted attacks. Because of that, C is not as good as A. D might be a good idea but would certainly not be the first step.
That's right. Also, we don't have any information on the current security posture of this company. They may even have security tools in place but the CEO wants an industry-based baseline. Remember, executives are concerned with strategic (long-term) plans.
Also, as the question states, the goal is to improve the company's security posture quickly. I don't see answer 'C' as a quick solution, as you are conducting the audit and performing an analysis. Of course...what do I know...I keyed off the word 'quick' and went with D, thinking it would be best to get something stood up as soon as possible.
Answer A. It says FIRST step among the steps the CEO needs to do; it doesn't say to look for the proposed solution and stop from there. Of course A is not enough, but you can start from there.
Targeted attacks is actually the key word and that's why surveying threat feeds from services in that industry should be the first thing to do. A it is.
Unified threat management (UTM) is a single solution that combines
multiple security controls. The overall goal of UTMs is to provide better
security, while also simplifying management requirements. In many cases, a
UTM device will reduce the workload of administrators without sacrificing
security.
As IT-based threats first began appearing, security experts created
various solutions to deal with each of them. When attackers began releasing
malware to infect computers, vendors created antivirus software. Attackers
started attacking networks, and in response, security experts developed and
steadily improved firewalls. When organizations recognized a need to control
what sites users can visit, organizations implemented proxies with URL filters.
Although these solutions are effective, they are also complex.
Administrators often find it challenging to manage each of these solutions
separately. Because of this, UTM security appliances have become quite
popular.
UTM security appliances combine the features of multiple security
solutions into a single appliance. For example, a UTM security appliance
might include a firewall, antivirus protection, anti-spam protection, URL
filtering, and content filtering.
Think about this part of the question - improve the company's security posture quickly
Does quickly mean 1 day, 1 week, or 1 month?
Conducting an internal audit, buying UTM, and purchasing multiple threat feeds take time. It doesn't take that much time to view a threat feed online or contact a CSO in another like industry. Just my opinion for answer A
The question even says: it is a targeted attack and what should be done first.
You need to identify what you want to guard against and not just be spending money on UTM and feeds that may not be relevant to the attacks that target you.
UTM offers several tools. The question notes targeted attacks. To be able to configure the UTM appropriately, the CSO will need to know what to target, which means he/she will need to know the current security posture of the company first. The answer is A from reading all the other responses. I thought D myself, but quickly is not the only focus word in the question.
D should be the quickest to improve security posture. Thinking about costs, analysis etc. Question does not mention any of that. UTM with feeds being updated from the vendor should be good. Maybe do two UTMs from different vendors for vendor diversity.
Due to the targeted attack, there is a great possibility that a competitor in the same industry did this. It's like a police officer asking if you have any enemies when you get an unknown attack.
D - UTM is a networking device or software program that helps reduce the complexity of securing a network. It accomplishes this by including anti-malware, content filter, firewall, intrusion detection, and spam protection in a single package.
UTM might break your network and take some time to implement. Plus it does nothing for Threat Actors that are targeting your industry using targeted attacks; UTM is just the shotgun method of trying to fix the issue.