https://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part1-overview.html "There are three Capabilities that the current version of TAXII supports: push messaging, pull messaging, and discovery." "Discovery does, however, allow for the automated exchange of information..." The correct answer is A and B
A. exchange refers to the ability of TAXII to exchange Cyber Threat Intelligence (CTI) information between different systems and organizations in a secure and standardized way. This enables different CTI providers to share and consume information in a consistent and interoperable manner.
B. pull messaging refers to the ability of TAXII to use a pull-based messaging model, which allows a client to request specific CTI information from a server, rather than receiving unsolicited CTI information. This allows clients to only receive the CTI information that is relevant to them.
Not understanding how so many folks vote for A when the TAXII specifications on github repeatedly refer to the binding attributes in very obvious language. Not to mention that answer B is an exchange, so choosing A is redundant. Note that the Official Cert Guide provides a link to the github project as well.
Cisco ScanCenter allows you to pull information on incidents detected by CTA down to your client for further correlation analysis and archival. The service supports MITRE's Trusted Automated eXchange of Indicator Information (TAXII) standard for integration with your Security Information and Event Management (SIEM) system. The TAXII standard specifies transport mechanisms used to share cyber threat information between systems.
Correct Answer B, C
TAXII implementers have a great deal of flexibility in choosing which TAXII Capabilities they support. As noted earlier, TAXII is bound to neither a particular network protocol nor to a particular message binding. In order to facilitate automated communication, TAXII includes the ability to discover the specific TAXII Services a TAXII user (or group of TAXII users) fields, as well as their network address and supported bindings. This does not remove the need for human involvement in the establishment of sharing agreements - sharing agreement negotiation is outside the scope of TAXII. Discovery does, however, allow for the automated exchange of information about which TAXII Capabilities a Producer might support and the technical mechanisms they employ in doing so.
The Correct answer is A and B.Tax11 supports pull, push, and discovery. So discovery means exchange.https://www.forumstandaardisatie.nl/open-standaarden/stix-en-taxii
B and C are correct
TAXII does not offer the exchange of the information as a service, enables the exchange, through its services that standardize information. The Standardization is accomplished through bindings, which TAXII defines: Message Binding Specification, Protocol Binding Specification, Content Binding Reference.
http://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part2-services.html
The Discovery Service provides a requester with a list of TAXII Services and how these Services can be invoked (i.e., the address of the TAXII Daemon that implements that service and the bindings that Daemon supports).
https://taxiiproject.github.io/releases/1.1/TAXII_Overview.pdf
Trusted Automated eXchange of Indicator Information (TAXII ™) defines a set of services and message
exchanges that, when implemented, enable sharing of actionable cyber threat information across
organization and product/service boundaries. TAXII, through its member specifications, defines
concepts, protocols and messages to exchange cyber threat information for the detection, prevention,
and mitigation of cyber threats. TAXII is not an information sharing initiative...
I gained new insight:
STIX is structured languages to standardise threat information. Taxii is a protocol for automated exchange of this information. https://www.forumstandaardisatie.nl/open-standaarden/stix-en-taxii
its AB
With the definition listed below: How does C, D, and E communicate that information?
STIX is the critical threat information. TAXII is the protocol to communicate it.
Trusted Automated Exchange of Intelligence Information (TAXII) is an application layer protocol specially designed to enable the exchange of STIX objects for facilitating cyber threat intel sharing and communication.
TAXII runs over HTTPS which also makes it secure and suitable for building online services that can consume and process STIX objects. It provides the developers an ability to build TAXII servers and TAXII clients which can communicate with each other in a request/response manner.
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
statikd
Highly Voted 3 years, 4 months agokarmaomar
Highly Voted 3 years, 4 months agoMarshpillowz
Most Recent 7 months, 1 week agoSegaMasterSystemAdmin
1 year, 8 months agosull3y
1 year, 9 months agoColonelSRW
2 years, 3 months agobrownbear505
2 years, 8 months agoelast1c
2 years, 9 months agojfuentesf
2 years, 11 months agopfunkylol
2 years, 11 months agoAlee86
3 years, 1 month agoAlee86
3 years, 1 month agoSarbi
3 years, 2 months agoDinges
3 years, 4 months agoDinges
3 years, 4 months agosamismayilov
3 years, 5 months agobobby14
3 years, 9 months agoN0PT4U
3 years, 8 months agoCISCO_CCNP
4 years agothegreek1
4 years agoN0PT4U
3 years, 8 months ago