Exam CAS-005 topic 1 question 26 discussion

Actual exam question from CompTIA's CAS-005
Question #: 26
Topic #: 1

A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATT&CK framework specific to APTs. Which of the following should be used by the organization to accomplish this goal?

  • A. Tabletop exercise
  • B. Penetration test
  • C. Sandbox detonation
  • D. Honeypot
Suggested Answer: B

Comments

vicbersong
1 week, 6 days ago
Selected Answer: B
🔍 Why the Others Are Less Appropriate:

  • A. Tabletop exercise: Simulates incident response in a discussion-based format — no real testing of controls or detection capabilities.
  • C. Sandbox detonation: Tests how malware behaves in a safe environment — useful for analyzing malicious files, not TTP-based detection across the network.
  • D. Honeypot: Lures attackers for monitoring, but passive and not suited for systematic, targeted testing based on a known framework like MITRE ATT&CK.
upvoted 1 times
vicbersong
1 week, 6 days ago
Selected Answer: B
To test and verify capabilities to detect and/or prevent specific TTPs (Tactics, Techniques, and Procedures) from the MITRE ATT&CK framework — especially those used by Advanced Persistent Threats (APTs) — an organization needs a realistic, controlled simulation of attacks.

A penetration test (or more specifically, a red team engagement) can be tailored to emulate adversary behavior mapped directly to the MITRE ATT&CK framework. This allows the organization to:

  • Actively test defenses against known APT TTPs.
  • Identify detection gaps and improve response.
  • Measure how well existing security controls and processes perform.
upvoted 1 times