A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.
Which of the following exercise types should the analyst perform?
A . Summarize the most recently disclosed vulnerabilities.
B . Research industry best practices and latest RFCs.
C . Undertake an external vulnerability scan and penetration test.
D . Conduct a threat modeling exercise.
Answer: D
Latest CAS-003 Dumps Valid Version with 509 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund