Which of the following provides the BEST real-time visibility into advanced persistent threats (APTs) on a network?

  1. Annual penetration tests
  2. Firewall logs reviewed on a monthly basis
  3. Continuous network traffic analysis and behavioral analytics ✓
  4. User access reviews conducted quarterly

Correct answer: Continuous network traffic analysis and behavioral analytics

Option 3 is correct because continuous network traffic analysis combined with behavioral analytics provides real-time, ongoing visibility into subtle patterns and deviations that indicate advanced persistent threats, which are designed to evade point-in-time controls and persist silently over long periods. Option 1 is incorrect because annual penetration tests are periodic and point-in-time; they cannot detect an APT that establishes persistence between test cycles. Option 2 is incorrect because reviewing firewall logs monthly introduces a significant detection gap, and APTs actively work to avoid triggering obvious log entries. Option 4 is incorrect because quarterly user access reviews focus on authorization governance rather than real-time threat detection of active, stealthy network intrusions.

Topic: apt, network traffic analysis, behavioral analytics, threat detection

Practice CompTIA CySA+ (CS0-003) Questions Free