Exam CISA topic 1 question 362 discussion

I think answer should be A because of unknown

Sandboxing is the MOST effective technique among the options for discovering unknown malicious attacks, such as zero-day threats or malware with previously unseen behavior. Sandboxing isolates code (e.g., files, applications, attachments) in a controlled environment, allowing observation of its behavior without risking the actual system. It is particularly effective at detecting previously unknown (i.e., not signature-based) threats by analyzing what the code does, not just what it is. Why not the others? A. Penetration testing – Simulates known attack scenarios; it’s effective for identifying known vulnerabilities, but not unknown threats. C. Vulnerability testing – Focuses on scanning for known weaknesses, not discovering new or unknown malicious activity. D. Reverse engineering – Helps understand how malware works after it is discovered, but is time-consuming and reactive, not ideal for detecting unknown threats in real time.

Sandboxing is the MOST effective technique for discovering unknown malicious attacks. It involves running programs or code in an isolated environment (a "sandbox") where the system can monitor and analyze its behavior without putting the host system or network at risk. This is particularly effective for discovering new, unknown, or zero-day attacks because it allows for the observation of suspicious activity that might not be detected by traditional security tools. In the sandbox, malicious actions can be safely observed, helping to identify previously unknown attacks or malware.

Cos sandboxing is more focused on testing the behavior of specific applications, rather than discovering unknown attacks across the entire system.

Penetration testing is the most effective security testing technique for discovering unknown malicious attacks because it simulates real-world attack scenarios, uncovering vulnerabilities that may not be identified through other methods. Penetration testers use techniques similar to those of actual attackers to identify weaknesses in the system's security defenses.

generally pen testing is associated with discovering vulnerabilities and exploiting them. we can see them as a preventive control. sand boxing, on the other hand, is more detective / corrective where it isolates and analysis suspicious code (malware) in a controlled environment

Penetration testing, also known as ethical hacking, involves simulating real-world cyberattacks to identify vulnerabilities and weaknesses in an organization's systems, networks, or applications. Penetration testers use various methods and tools to attempt to exploit vulnerabilities in the same way that malicious attackers would. While sandboxing (Option B) can be useful for isolating potentially malicious code or programs in a controlled environment to prevent harm to the system, it is not specifically designed to discover unknown malicious attacks. Sandbox environments are typically used to analyze and evaluate https://www.examtopics.com/exams/isaca/cisa/view/2/#the behavior of suspicious or unknown software in a safe manner.

unknown malicious attacks, should be A, because they are Unknown, vulnerability scanning it is known things

pen test is for cheking vulnurability not attack. Sandbox is for attack.

A. Penetration testing

Penetration testing is the security testing technique that is most effective in discovering unknown malicious attacks.

Sandboxing is a security technique that isolates an application or process from the rest of the system, preventing it from accessing or modifying other resources. It is not a type of security testing, but rather a security mechanism that can be used to protect a system from potentially malicious code or inputs. Sandboxing can be useful for testing applications in a safe environment, but it does not discover unknown malicious attacks by itself.

Using a sandbox for advanced malware detection provides another layer of protection against new security threats—zero-day (previously unseen) malware and stealthy attacks, in particular. And what happens in the sandbox, stays in the sandbox—avoiding system failures and keeping software vulnerabilities from spreading.

Sandboxing