An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization's requirement?
A TAXII server is a client that exchanges standardized and anonymized cyber threat intelligence among users. It works as a venue for sharing and collecting Indicators of compromise, which have been anonymized to protect privacy.
Trusted Automated Exchange of Intelligence Information (TAXII™) is an application protocol for exchanging CTI over HTTPS. TAXII defines a RESTful API and a set of requirements for TAXII Clients and Servers
TAXII is an open standard that defines a set of
services and message exchanges used to share information. It
provides a standard way for organizations to exchange cyber
threat information, but it does not specify what information
organizations should exchange.
Implementing a TAXII (Trusted Automated Exchange of Indicator Information) server would most likely meet the organization's requirement for threat intelligence information sharing with peer groups. TAXII is a standard for exchanging threat intelligence information, allowing organizations to share and receive threat intelligence with other entities that also use TAXII.
Subscribing to threat intelligence feeds (Option B) is a valid approach to gain access to threat intelligence information, but it does not specifically address the organization's requirement for actively participating in threat intelligence information sharing with peer groups.
In conclusion, according to the CompTIA Security+ SY0-601 exam objectives, the BEST option to meet the organization's requirement for threat intelligence information sharing with peer groups is D. Implement a TAXII server. This enables the organization to actively share threat intelligence with other entities and receive intelligence from them as well.
It isn't typical for organizations to build TAXII servers, unless they are a security vendor, but they often connect to TAXII servers to download threat intelligence documented in the STIX taxonomy. MISP can be configured to do this.
Yes, but the question states they would like to "participate in threat intelligence information sharing", so the answer must be D, TAXII server. If they subscribe to security feeds, they are only receiving information - they are not sharing any in return.
I was thinking it was B until you stated that. Thanks for the help!
upvoted 4 times
...
...
...
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Boogie_79
Highly Voted 2 years, 10 months agoyasuke
Highly Voted 2 years, 8 months agoshady23
Most Recent 1 year, 1 month agoLordJaraxxus
1 year, 4 months ago[Removed]
1 year, 5 months agoGenerativeAI
1 year, 5 months agoProtract8593
1 year, 11 months agoDALLASCOWBOYS
2 years, 5 months agoakingokay
2 years, 6 months agovarun0
2 years, 10 months agostoneface
2 years, 10 months agoJakalan7
2 years, 9 months agocutemantoes
2 years, 3 months ago