Threat Exposure Check involves using multiple tools to look for indicators of compromise retrieved from which sources?

Enhance your cyber defense skills with the Security Blue Team Level 1 Test. Prepare with flashcards, multiple choice questions, and detailed explanations to ace your exam!

Multiple Choice

Threat Exposure Check involves using multiple tools to look for indicators of compromise retrieved from which sources?

Explanation:
The point being tested is that a thorough threat exposure check looks for indicators of compromise (IOCs) drawn from a broad mix of sources rather than a single one. The correct option is the one that names intelligence vendors, information-sharing partners, government alerts and OSINT sources. Together these cover the full range of indicators (malicious domains, IP addresses, file hashes, and the TTPs behind them): vendors aggregate telemetry across many customers, sharing partners such as ISACs contribute industry-specific intelligence, government advisories carry official warnings about active campaigns, and open sources fill in what the others miss. Relying on a single source, whether internal logs or one vendor, narrows visibility and can miss new or broader threats; internal logs in particular are where the IOCs are searched for, not where they come from. Public vulnerability databases are useful for the vulnerabilities themselves but rarely carry the live IOCs associated with an active compromise, so they are not the answer here. The best approach is therefore a multi-source intake that pulls from all of those intelligence channels, which is why that option is correct.
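The multi-source intake the explanation describes, as an added example (not from the page or from the BTL1 course material): a Python script that merges constructed vendor, partner, government-advisory and OSINT feeds into one IOC table, records which source supplied each indicator, and then sweeps a few constructed DNS, proxy and EDR log lines for matches. The feed formats, indicator values and log lines are all assumptions made up for the demonstration; the advisory is deliberately defanged, as real ones are, so the script has to refang it before use.

```python
"""Multi-source IOC intake and exposure sweep (added example, not page code).
All feeds, logs and indicators below are constructed: RFC 5737 test IPs,
reserved .invalid/.example domains, and a filler hash that is not real malware.
"""
import csv
import io
import json
import re
from collections import defaultdict
from urllib.parse import urlparse

FILLER_SHA256 = "deadbeef" * 8

# --- Constructed feeds, one per source type named in the explanation ---
VENDOR_CSV = f"""type,value,confidence
domain,update-cdn.invalid,90
ipv4,203.0.113.45,80
sha256,{FILLER_SHA256},95
"""
PARTNER_JSON = json.dumps([  # STIX-style objects from a sharing partner
    {"type": "domain-name", "value": "payroll-portal.example"},
    {"type": "ipv4-addr", "value": "203.0.113.45"},  # overlaps the vendor feed
])
GOV_ADVISORY = """Actors staged tooling at hxxp://update-cdn[.]invalid/setup.exe
and exfiltrated data to 198[.]51[.]100[.]7 over TCP 443."""  # defanged prose
OSINT_LIST = """# community blocklist, one indicator per line
198.51.100.7
login-verify.example
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
URL_RE = re.compile(r"https?://\S+")


def refang(text):
    """Undo the defanging conventions advisories use (hxxp, [.])."""
    return text.replace("[.]", ".").replace("hxxp://", "http://").replace("hxxps://", "https://")


def extract_indicators(text):
    """Return (value, kind) pairs found in free text or a single log line."""
    text = refang(text.lower())
    found = []
    for url in URL_RE.findall(text):  # hostnames come from URLs first, so a
        host = urlparse(url).hostname  # path like /setup.exe is not read as a domain
        if host:
            found.append((host, "ipv4" if IPV4_RE.fullmatch(host) else "domain"))
    text = URL_RE.sub(" ", text)
    found += [(m, "ipv4") for m in IPV4_RE.findall(text)]
    found += [(m, "sha256") for m in SHA256_RE.findall(text)]
    found += [(m, "domain") for m in DOMAIN_RE.findall(text)]
    return found


def load_feeds():
    """Merge all four feeds into one table: value -> {type, sources}."""
    iocs = defaultdict(lambda: {"type": None, "sources": set()})

    def add(value, kind, source):
        entry = iocs[value.strip().lower()]
        entry["type"] = kind
        entry["sources"].add(source)

    for row in csv.DictReader(io.StringIO(VENDOR_CSV)):
        add(row["value"], row["type"], "vendor")
    stix_kinds = {"domain-name": "domain", "ipv4-addr": "ipv4"}
    for obj in json.loads(PARTNER_JSON):
        add(obj["value"], stix_kinds[obj["type"]], "partner")
    for value, kind in extract_indicators(GOV_ADVISORY):
        add(value, kind, "government")
    for line in OSINT_LIST.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        for value, kind in extract_indicators(line) if line else []:
            add(value, kind, "osint")
    return dict(iocs)


def parent_domains(domain):
    """'a.b.example' -> ['a.b.example', 'b.example'], so subdomains hit an IOC."""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def sweep(log_lines, iocs):
    """Check every value extracted from the logs against the merged IOC table."""
    hits = []
    for line in log_lines:
        for value, kind in extract_indicators(line):
            candidates = parent_domains(value) if kind == "domain" else [value]
            for cand in candidates:
                if cand in iocs:
                    hits.append({"line": line, "indicator": cand, "type": iocs[cand]["type"],
                                 "sources": sorted(iocs[cand]["sources"])})
                    break
    return hits


# Constructed internal telemetry: DNS, proxy and EDR events.
SAMPLE_LOGS = [
    "2024-05-02T10:14:03Z dns client=10.0.0.21 query=update-cdn.invalid type=A",
    "2024-05-02T10:14:09Z proxy src=10.0.0.21 dst=203.0.113.45:443 url=https://update-cdn.invalid/setup.exe",
    f"2024-05-02T10:15:40Z edr host=WS-0021 event=file_create sha256={FILLER_SHA256}",
    "2024-05-02T10:16:00Z dns client=10.0.0.33 query=mail.payroll-portal.example type=A",
    "2024-05-02T11:02:11Z proxy src=10.0.0.40 dst=192.0.2.10:443 url=https://www.example.com/",
]


def run_exposure_check():
    return sweep(SAMPLE_LOGS, load_feeds())


if __name__ == "__main__":
    for hit in run_exposure_check():
        print(f"{hit['type']:7} {hit['indicator']:24} sources={','.join(hit['sources'])}  <- {hit['line']}")
```

Run stand-alone, the script reports five hits across the first four log lines and none for the benign fifth. Two details are the ones a practitioner cares about: the same IP appears in both the vendor and partner feeds, so the hit carries both sources (corroboration across channels is a useful triage signal), and the partner's bare domain still matches the `mail.` subdomain seen in DNS because the sweep walks up the parent labels rather than requiring an exact string match.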
