A Chief Information Security Officer wants to map all the attack vectors that the company faces each day. Which of the following recommendations should the company align their security controls around?
D. MITRE ATT&CK.
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a comprehensive knowledge base that provides detailed information about various attack techniques and tactics employed by adversaries. It categorizes and describes different attack vectors, tactics, and techniques used in real-world cyberattacks. Organizations can use the MITRE ATT&CK framework to understand the threats they face, map security controls to specific attack techniques, and develop effective defensive strategies.
While options A (OSSTMM), B (Diamond Model of Intrusion Analysis), and C (OWASP) are valuable resources for specific aspects of cybersecurity and threat analysis, they do not provide the same level of detailed attack vector mapping and coverage as the MITRE ATT&CK framework, which is specifically designed for this purpose.
From Sybex 003 Guide:
difference between an organization’s attack surface, or the systems, services, and other elements of the organization that can be attacked and attack vectors, or how the attack can be accomplished.
Attack vectors = TTP = MITRE
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
FoeMarc
Highly Voted 6 months, 1 week ago[Removed]
Most Recent 5 months, 1 week agokmordalv
8 months, 1 week ago