Which of the following is the BEST approach for the consultant to consider when modeling the client’s attack surface?

A consultant evaluating multiple threat intelligence leads to assess potential risks for a client.

Which of the following is the BEST approach for the consultant to consider when modeling the client’s attack surface?
A . Ask for external scans from industry peers, look at the open ports, and compare Information with the client.
B . Discuss potential tools the client can purchase lo reduce the livelihood of an attack.
C . Look at attacks against similar industry peers and assess the probability of the same attacks happening.
D . Meet with the senior management team to determine if funding is available for recommended solutions.

View Answer

Answer: C

Explanation:

A good approach for modeling the client’s attack surface is to look at attacks against similar industry peers and assess the probability of the same attacks happening. This can help the consultant to identify the most relevant and likely threats for the client based on their industry sector, size, location, and other factors. This can also help the consultant to prioritize the most critical risks and recommend appropriate mitigation strategies. Asking for external scans from industry peers (A) may not be feasible or reliable, as industry peers may not share their scan results or have different security configurations and vulnerabilities than the client. Discussing potential tools the client can purchase (B) may not be effective, as tools alone cannot reduce the likelihood of an attack without proper implementation and management. Meeting with senior management team (D) may not be helpful, as funding is not directly related to modeling the attack surface and may depend on other factors such as budget constraints and risk appetite.