Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA Exam CS0-003 Topic 5 Question 10 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 10
Topic #: 5
[All CS0-003 Questions]

A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their security controls around?

Show Suggested Answer Hide Answer
Suggested Answer: D

The correct answer is D. MITRE ATT&CK.

MITRE ATT&CK is a framework that maps the tactics, techniques, and procedures (TTPs) of various threat actors and groups, based on real-world observations and data. MITRE ATT&CK can help a Chief Information Security Officer (CISO) to map all the attack vectors that the company faces each day, as well as to align their security controls around the most relevant and prevalent threats. MITRE ATT&CK can also help the CISO to assess the effectiveness and maturity of their security posture, as well as to identify and prioritize the gaps and improvements .

The other options are not the best recommendations for mapping all the attack vectors that the company faces each day. OSSTMM (Open Source Security Testing Methodology Manual) (A) is a methodology that provides guidelines and best practices for conducting security testing and auditing, but it does not map the TTPs of threat actors or groups. Diamond Model of Intrusion Analysis (B) is a model that analyzes the relationships and interactions between four elements of an intrusion: adversary, capability, infrastructure, and victim. The Diamond Model can help understand the characteristics and context of an intrusion, but it does not map the TTPs of threat actors or groups. OWASP (Open Web Application Security Project) is a project that provides resources and tools for improving the security of web applications, but it does not map the TTPs of threat actors or groups.


Contribute your Thoughts:

Cary
8 months ago
I don't know, you guys. I think OWASP might be a better fit here. It's specifically focused on web application security, which is where a lot of the attack vectors are these days.
upvoted 0 times
...
Isidra
8 months ago
Yeah, I'm leaning towards MITRE ATT&CK as well. It's become the industry standard for threat modeling and incident response. Plus, it's constantly updated to keep up with the latest threats.
upvoted 0 times
...
Elise
8 months ago
I agree, Gabriele. MITRE ATT&CK seems to be the most well-known and widely-used framework for this kind of thing. It covers a broad range of attack techniques and tactics.
upvoted 0 times
...
Gabriele
8 months ago
Hmm, this is a tricky one. I think the key here is to look at the different frameworks and models mentioned and see which one is most comprehensive in mapping out attack vectors.
upvoted 0 times
...

Save Cancel