A security analyst is tasked with enhancing the organization's proactive defense capabilities by identifying new and evolving attack methodologies before they are widely used. Which of the following would be the MOST effective practice for this purpose?
Conduct regular internal vulnerability scans on all network assets.
Subscribe to and analyze threat intelligence feeds.
Enforce a more stringent password complexity and rotation policy.
Perform a comprehensive penetration test on an annual basis.
The correct answer is to subscribe to and analyze threat intelligence feeds. Threat intelligence feeds provide up-to-date information on emerging threats, new attack vectors, malware, and adversary tactics, techniques, and procedures (TTPs). This allows security professionals to proactively adjust defenses against new threats. While the other options are valid security practices, they are not the most effective for identifying emerging threats. Regular vulnerability scanning is crucial for finding known vulnerabilities in the current environment but is reactive to what is already known. Enforcing stronger password policies is a fundamental security control but does not provide insight into new attack methods. Annual penetration testing validates existing defenses against known attack types but is a point-in-time assessment and less effective for continuous monitoring of new, evolving threats.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are emergent threats in IT security?
Open an interactive chat with Bash
What is meant by adjusting a security posture?
Open an interactive chat with Bash
How can organizations effectively monitor for threats?