A security analyst has been asked to create a list of external IT security concerns that are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage. Which of the following exercise types should the analyst perform?
A) Summarize the most recently disclosed vulnerabilities.
B) Research industry best practices and the latest RFCs.
C) Undertake an external vulnerability scan and penetration test.
D) Conduct a threat modeling exercise.