Exam CAS-004 topic 1 question 16 discussion

repeated question 332. Since 332. doesn't have D as an option I would go with B.

D makes more sense, we don't have a mapped adversary to leverage TTPs from MITRE, I mean, where should I start my threat modeling for data theft with no adversaries, groups or campaigns mapped whatsoever?

"proactively"

Key Requirement in the Question: The security engineer wants to proactively manage threats to newly developed, proprietary military technology. This means the approach must be strategic and forward-thinking, not just reactive.Why B is the Best Answer: ✔ MITRE ATT&CK maps out real-world adversary behaviors (Tactics, Techniques, and Procedures—TTPs) used in cyber espionage and data theft. ✔ Helps identify which adversaries (nation-state actors, APTs) might target military prototypes. ✔ Enables proactive threat modeling by mapping vulnerabilities and attack paths before they happen. ✔ Helps security teams align defenses with known attack methods, rather than just reacting. Final Verdict: While A (info-sharing) and D (awareness training) are useful, they aren’t as proactive or strategic as using MITRE ATT&CK to map, predict, and defend against real attack techniques.

To proactively manage the threats to the newly developed proprietary information, the best action for the security engineer would be: A. Join an information-sharing community that is relevant to the company. Joining an information-sharing community allows the company to stay informed about the latest threats, vulnerabilities, and best practices in the defense industry. This collaboration can provide valuable insights into emerging threats specific to military programs and help the company bolster its security measures based on shared knowledge from other organizations facing similar challenges. While option D Update security awareness training essential for employee preparedness, training alone may not be sufficient to proactively address emerging threats specific to proprietary information in military programs.

Ans is A. To proactively manage the threats to the newly developed proprietary information, the best action for the security engineer would be: A. Join an information-sharing community that is relevant to the company. Joining an information-sharing community allows the company to stay informed about the latest threats, vulnerabilities, and best practices in the defense industry. This collaboration can provide valuable insights into emerging threats specific to military programs and help the company bolster its security measures based on shared knowledge from other organizations facing similar challenges. While option D Update security awareness training essential for employee preparedness, training alone may not be sufficient to proactively address emerging threats specific to proprietary information in military programs.

ChatGPT goes with B.

none of the answers make sense.. DLP should be the answer...

to avoid IP theft

A is the answer. this is why;An information-sharing community is a group or network of organizations that share threat intelligence, best practices, and mitigation strategies related to cybersecurity. An information-sharing community can help the company proactively manage the threats of potential theft of its newly developed, proprietary information by providing timely and actionable insights, alerts, and recommendations. An information- sharing community can also enable collaboration and coordination among its members to enhance their collective defense and resilience.

To BEST manage the threats proactively in the context of potential theft of proprietary information, the security engineer should consider: B. Leverage the MITRE ATT&CK framework to map the TTP (Tactics, Techniques, and Procedures). Explanation: MITRE ATT&CK Framework: The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a comprehensive knowledge base that provides information about the tactics, techniques, and procedures employed by adversaries. By leveraging this framework, the security engineer can proactively identify and understand potential threats, tactics used by adversaries, and the techniques employed to achieve their goals.

D is only for non-security person aka ordinary employee.

After carefully reviewing this poorly worded question, you would want the engineer to review the TTPS from the MITRE ATT&CK Framework because he can update the security awareness program to reference the TTPS. If he just UPDATES the program, what is he going to technically update? answer D doesn't define it which is why I believe it's not correct

B. Leverage the MITRE ATT&CK framework to map the TTP. In this scenario, the security engineer should leverage the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to map the Tactics, Techniques, and Procedures (TTP) that potential adversaries might use to steal the proprietary information. The MITRE ATT&CK framework provides a comprehensive and structured knowledge base of known adversary behaviors, allowing security professionals to proactively identify and understand potential threats. While joining an information-sharing community (A) can provide valuable insights and collaboration opportunities, it may not directly address the specific concern of theft of proprietary information. OSINT techniques (C) can provide additional intelligence on potential threats, but the MITRE ATT&CK framework is more tailored to understanding adversary behaviors. Updating security awareness training (D) is generally important, but it may not be as proactive or targeted in managing the specific threat of theft of proprietary information.

I believe people are the weakest link and in order to be proactive, you need to start with People.

A. Join an information-sharing community that is relevant to the company. By joining an information-sharing community, the security engineer can stay up-to-date on any new threats or attacks targeting the military program, as well as receive information on best practices and mitigation strategies. This will allow the company to proactively manage and address any potential threats to its proprietary information. Option B, C, and D are also important steps, but they are reactive measures and not as proactive as joining an information-sharing community.

CompTIA is not great at wording these questions. I could make an argument for both B and D. In this specific scenario, it appears that we're concerned with ONE threat specifically: theft of proprietary information (answer would be D). However, the word "threats" implies otherwise (answer could be B).