Exam CAS-004 topic 1 question 332 discussion

Similar to #16

You don't know the kind of adversary that you are protecting from, that is why a choose: Information Sharing and Analysis Centers (ISACs) or similar communities are industry-specific groups where organizations share threat intelligence, vulnerabilities, and best practices. Why not MITRE ATTACK: It helps in understanding and responding to attacks rather than proactively preventing them. Requires significant effort to map and apply TTPs to the company's context.

Ans A. The question says manage the threat proactively not reactively. So with this, Information Sharing: Joining a relevant information-sharing community (such as an Information Sharing and Analysis Center or industry-specific security groups) allows the company to stay informed about emerging threats, vulnerabilities, and attack vectors that are pertinent to their sector. This is the answer to the question. This proactive approach helps in understanding and preparing for threats that may specifically target their technology or industry. While on the other hand, B. Leverage the MITRE ATT&CK framework to map the TTPs (Tactics, Techniques, and Procedures): This is useful for understanding potential attack methods and improving defensive strategies, but it’s more about reacting to known threats rather than proactively managing threats.

repeated question 16.

This was on my CYSA+ exam, i picked A then, not if i got it or not but... oh well. I'll pick it again.

Leverage the MITRE ATT&CK framework to map the TTP. He is just concerned about theft and wants to know how to protect against it, PROACTIVE APPROACH - MITRE ATT&CK

I would say direct information on known tactics of data exfiltration would be better than an information sharing community.

B. Leverage the MITRE ATT&CK framework to map the TTPs. The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques based on real-world observations. It can be used to map the tactics, techniques, and procedures (TTPs) that are most likely to be used to target the company's proprietary information. Once the TTPs have been mapped, the security engineer can develop and implement countermeasures to mitigate the risks. For example, if the security engineer identifies that the company is at risk of a spear-phishing attack, they can implement security awareness training for employees and deploy email filtering solutions. Why A. Join an information-sharing community that is relevant to the company is not correct: Joining an information-sharing community can be helpful for staying up-to-date on the latest threats and trends. However, it is not a substitute for mapping the TTPs that are most likely to be used to target the company's proprietary information.

A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information. Which of the following should the security engineer do to BEST manage the threats proactively? A. Join an information-sharing community that is relevant to the company. B. Leverage the MITRE ATT&CK framework to map the TTP. C. Use OSINT techniques to evaluate and analyze the threats. D. Implement a network-based intrusion detection system.

Of course ChatGPT is being WEIRD AF. I posted Q17 (its verbatim to this Q) and then ChatGPT changed its answer to B....

A. Join an information-sharing community that is relevant to the company. Joining an information-sharing community that is relevant to the company is the best proactive approach to managing threats related to potential theft of proprietary information. Information-sharing communities, often established for specific industries or sectors, facilitate the exchange of threat intelligence and cybersecurity information among member organizations. By participating in such a community, the small company can gain access to timely threat intelligence, indicators of compromise (IoCs), and best practices for protecting their proprietary technology. This enables the company to stay informed about emerging threats and take proactive measures to secure their intellectual property. While leveraging the MITRE ATT&CK framework, using OSINT techniques, and implementing a network-based intrusion detection system are all valuable security practices, they may not be as effective in proactively managing threats related to the specific context of potential theft of newly developed proprietary information for a military program.

It company owned, you dont wana share secrets with your competitors

Join an information-sharing community that is relevant to the company

I'm voting B but can someone tell me why it's not A?