
Exam CS0-002 topic 1 question 279 discussion

Actual exam question from CompTIA's CS0-002
Question #: 279
Topic #: 1

An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?

  • A. Use the MITRE ATT&CK framework to develop threat models.
  • B. Conduct internal threat research and establish indicators of compromise.
  • C. Review the perimeter firewall rules to ensure the accuracy of the rule set.
  • D. Use SCAP scans to monitor for configuration changes on the network.
Suggested Answer: B

Comments

db97
Highly Voted 2 years, 5 months ago
Selected Answer: B
https://www.examtopics.com/discussions/comptia/view/69696-exam-cs0-002-topic-1-question-212-discussion/
upvoted 10 times
zecomeia_007
Most Recent 1 year, 1 month ago
Selected Answer: B
ATT&CK is valuable for understanding attacker behavior; it's a foundational tool. It won't directly identify ongoing threats in the organization's network.
upvoted 1 times
novolyus
1 year, 7 months ago
Selected Answer: B
If you want to identify threats, you need threat research.
upvoted 1 times
grelaman
1 year, 9 months ago
Selected Answer: B
The security analyst wants to take a proactive approach to identify the threats, which suggests that they are not yet known. So the analyst can perform the following techniques. Threat hunting: this involves actively searching for indicators of compromise (IOCs), unusual behaviors, and hidden threats within the organization's network. Threat intelligence: this involves gathering and analyzing information about known and emerging threats to improve the organization's security posture.
upvoted 1 times
grelaman
1 year, 9 months ago
Why not A? Because MITRE ATT&CK is a threat model, and threat modeling is a valuable tool for understanding the threats that an organization faces, but it is not a proactive approach to detecting threats that you have not identified yet.
upvoted 2 times
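The threat-hunting loop grelaman describes (research the organization's own traffic, promote unusual behavior to IoCs, then search for those IoCs) as an added illustration that is not part of the thread. All log lines and thresholds are constructed for the example; a real hunt would read from the organization's own flow or proxy logs.

```python
"""Constructed example: derive IoCs from internal traffic research, then re-apply them."""
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed outbound-connection log: timestamp, source host, destination, bytes.
# ws-03 contacts one destination once a minute with large, uniform transfers,
# which is the beacon-like pattern the hunt is meant to surface.
OBSERVED = """\
2024-05-01T10:00:01 ws-01 203.0.113.10:443 1200
2024-05-01T10:00:02 ws-03 198.51.100.7:8443 52000
2024-05-01T10:00:05 ws-02 203.0.113.10:443 900
2024-05-01T10:01:02 ws-03 198.51.100.7:8443 51000
2024-05-01T10:02:03 ws-03 198.51.100.7:8443 50500
2024-05-01T10:03:01 ws-03 198.51.100.7:8443 51500
2024-05-01T10:04:02 ws-03 198.51.100.7:8443 50000
2024-05-01T10:05:00 ws-04 203.0.113.10:443 1100
"""

# Constructed traffic from the next day, scanned with the IoCs the hunt produced.
NEW_TRAFFIC = """\
2024-05-02T09:00:00 ws-09 203.0.113.10:443 1000
2024-05-02T09:00:30 ws-11 198.51.100.7:8443 49000
"""

def parse(text):
    """Split the constructed log format into dicts; timestamps stay ISO 8601 strings."""
    rows = []
    for line in text.splitlines():
        ts, host, dst, size = line.split()
        rows.append({"ts": ts, "host": host, "dst": dst, "bytes": int(size)})
    return rows

def hunt(rows, min_hits=3, min_bytes=10000, max_jitter_s=5.0):
    """Internal threat research: a host that repeatedly sends large transfers to one
    destination at a near-constant interval is beacon-like; that destination becomes an IoC."""
    times = defaultdict(list)
    for r in rows:
        if r["bytes"] >= min_bytes:
            times[(r["host"], r["dst"])].append(datetime.fromisoformat(r["ts"]))
    iocs = set()
    for (_host, dst), seq in times.items():
        if len(seq) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(seq, seq[1:])]
        if pstdev(gaps) <= max_jitter_s:  # low jitter between contacts = scheduled beacon
            iocs.add(dst)
    return sorted(iocs)

def detect(rows, iocs):
    """Apply established IoCs to new traffic; returns the hosts that matched."""
    return sorted({r["host"] for r in rows if r["dst"] in iocs})
```

Running `detect(parse(NEW_TRAFFIC), hunt(parse(OBSERVED)))` flags ws-11 on day two from the indicator established on day one, which is the proactive half of option B that a rule review or SCAP scan would not produce.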
Dany_Suarez
2 years ago
Selected Answer: A
CompTIA guide says: Threat hunting utilizes insights gained from threat research and threat modeling to proactively discover whether there is evidence of TTPs already present within the network or system. This contrasts with a reactive process that is only triggered when alert conditions are reported through an incident management system.
upvoted 1 times
Sleezyglizzy
2 years ago
A. It was not B on the last dump, so it wouldn't be it now.
upvoted 2 times
kyky
2 years ago
Selected Answer: A
A. Use the MITRE ATT&CK framework to develop threat models. The security analyst should recommend using the MITRE ATT&CK framework to develop threat models. The MITRE ATT&CK framework is a comprehensive knowledge base that catalogs and organizes different techniques and tactics used by threat actors during various stages of a cyberattack. By using this framework, organizations can proactively identify and understand potential threats and develop effective defense strategies. The framework provides a structured approach to mapping and analyzing attack techniques, enabling security teams to stay ahead of evolving threats and improve their overall security posture.
upvoted 1 times
kiduuu
2 years, 2 months ago
Selected Answer: A
With the MITRE ATT&CK framework the security analyst can identify potential attack vectors and understand the tactics and techniques used by threat actors. This approach can help the organization proactively identify and prevent attacks before they occur. Conducting internal threat research and establishing indicators of compromise IS a REACTIVE approach that is NOT proactive. It is more focused on responding to incidents after they occur, rather than preventing them from occurring in the first place.
upvoted 2 times
HereToStudy
2 years, 3 months ago
Selected Answer: A
I'm going with A. B is reactive.
upvoted 2 times
khrid4
2 years, 3 months ago
Selected Answer: B
The only information we have is increased levels of malicious traffic. Too early to map TTPs on the MITRE ATT&CK framework, in my opinion. In any case, if you are in the field, threat research will most likely always be part of it.
upvoted 2 times
Henry88
2 years, 4 months ago
Selected Answer: A
Keyword: "Proactive". Threat hunting is the only answer here that is proactive.
upvoted 2 times
Henry88
2 years, 4 months ago
Edit: I meant B, not A.
upvoted 4 times
TheStudiousPeepz
2 years, 4 months ago
Selected Answer: A
Because commenting was too short: it's A.
upvoted 2 times
Kashim
2 years, 4 months ago
Selected Answer: B
"Proactive approach to identify the threats" is the definition of threat hunting, so the answer is B.
upvoted 4 times
mraval
2 years, 4 months ago
Selected Answer: A
A is the correct answer. In the question, it is asking what the analyst wanted to identify: the type of threat, not IoCs inside the organization. A is definitely the correct answer.
upvoted 2 times
G_f_b
2 years, 4 months ago
Selected Answer: A
Saw a comment that AI said B, but GPT says A. A. Using the MITRE ATT&CK framework to develop threat models is the BEST approach the security analyst should recommend to identify the threats that are acting against the organization's network in a more proactive manner. The MITRE ATT&CK framework is a comprehensive knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks. It provides a structured and systematic approach to developing threat models by identifying the various tactics and techniques that an adversary may use to carry out an attack. By using the MITRE ATT&CK framework, the security analyst can gain a better understanding of the potential threats and develop a proactive approach to detect and respond to them. Conducting internal threat research and establishing indicators of compromise (Option B) can also be an effective approach to identifying threats; however, it is a more reactive approach and may not be as proactive as using the MITRE ATT&CK framework.
upvoted 4 times
Sam_0735
2 years, 5 months ago
Selected Answer: B
According to AI, the most appropriate answer is B. Conducting internal threat research will help the analyst identify the types of threats that are currently directed at the organization, better understand attack patterns, and establish indicators of compromise (IoC) based on this data. These IoCs can then be used to detect threats in the future, as well as to adjust security strategies. The other options are not as proactive and do not fully identify current threats.
upvoted 3 times
gnnggnnggnng
2 years, 5 months ago
Selected Answer: A
I chose A, Use the MITRE ATT&CK framework to develop threat models, because it is the most comprehensive and proactive approach to identifying the threats that are acting against an organization's network. The MITRE ATT&CK framework is a comprehensive knowledge base of tactics, techniques, and procedures used by threat actors. By using this framework to develop threat models, security analysts can identify potential threats, assess the risk they pose, and develop mitigation strategies to prevent or minimize the impact of an attack.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other