CompTIA CySA+ CS0-003 Practice Question
Following a security incident in which an organization's proprietary data was exfiltrated by an advanced persistent threat (APT), a cybersecurity analyst is tasked with performing a root cause analysis to prevent future compromises. The review of the incident determined that the adversary had been present in the network for several months. Which of the following actions should the analyst prioritize to address the systemic issues that facilitated the prolonged presence of the adversary?
Reviewing the organization's patch management policies and procedures
Implementing a strict network segmentation strategy retrospectively
Assessing the effectiveness of the organization's threat hunting practices
Evaluating the encryption methods employed for data at rest within the network