CAS-002 Question #771: Real Exam Question with Answer & Explanation
The correct answer is A: Survey threat feeds from services inside the same industry.
Question
Options
- A. Survey threat feeds from services inside the same industry.
- B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
- C. Conduct an internal audit against industry best practices to perform a qualitative analysis.
- D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
Explanation
Before implementing controls, the CSO should first survey threat intelligence feeds from within the same industry to understand which specific tactics, techniques, and procedures (TTPs) are being used against comparable organizations.
Common mistakes.
- B. Purchasing multiple threat feeds and blocking malicious traffic is a reactive implementation step that should follow a threat assessment, not precede it; without that context, the CSO risks prioritizing the wrong threats.
- C. An internal audit against best practices measures the organization's compliance posture qualitatively but does not provide specific intelligence about the targeted adversary or their current TTPs.
- D. Deploying a UTM solution is a technical control that addresses broad threats but is not targeted to the specific adversary behavior identified in the CERT alert and should follow threat-informed prioritization.
Concept tested. Threat intelligence gathering before security control implementation.
Reference. https://csrc.nist.gov/publications/detail/sp/800-150/final