Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CompTIA Exam CS0-003 Topic 8 Question 16 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 16
Topic #: 8
[All CS0-003 Questions]

A vulnerability analyst is writing a report documenting the newest, most critical vulnerabilities identified in the past month. Which of the following public MITRE repositories would be best to review?

Show Suggested Answer Hide Answer
Suggested Answer: B

The Common Vulnerabilities and Exposures (CVE) is a public repository of standardized identifiers and descriptions for common cybersecurity vulnerabilities. It helps security analysts to identify, prioritize, and report on the most critical vulnerabilities in their systems and applications.The other options are not relevant for this purpose: Cyber Threat Intelligence (CTI) is a collection of information and analysis on current and emerging cyber threats; Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the ATT&CK adversary model; ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

Reference: According to the CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition1, one of the objectives for the exam is to ''use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities''. The book also covers the usage and syntax of various cybersecurity frameworks and standards, such as CVE, CTI, CAR, and ATT&CK, in chapter 1.Specifically, it explains the meaning and function of each framework and standard, such as CVE, which provides a common language for describing and sharing information about vulnerabilities1, page 28. Therefore, this is a reliable source to verify the answer to the question.


by Abel at Apr 12, 2024, 11:46 PM

Limited Time Offer

25%

Off

Get Premium CS0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Raymon
8 days ago
You know, I'm surprised ATT&CK isn't one of the options. That's a pretty well-known MITRE framework for cataloging adversary tactics and techniques.
upvoted 0 times
...
Ronny
8 days ago
I'm pretty sure the Cyber Analytics Repository is made up. Sounds like something they'd throw in to see if we're paying attention. Gotta love these vendors and their tricks.
upvoted 0 times
...
Stephen
9 days ago
I definitely agree. Between CVE, ATT&CK, and now this 'Cyber Analytics Repository' thing, it's a lot to keep track of. Wait, is that even a real MITRE repo?
upvoted 0 times
...
Micah
10 days ago
Nah, I don't think so. C) sounds more like a repository for threat analysis, not vulnerability info. I'm sticking with B) Common Vulnerabilities and Exposures.
upvoted 0 times
...
Buddy
10 days ago
I know, right? It's like they want us to be cybersecurity encyclopedias or something. But hey, at least this one seems a little more straightforward than some of the other questions.
upvoted 0 times
...
Nobuko
11 days ago
Ugh, another vulnerability question. I feel like these exams are just trying to trip us up with all these obscure MITRE repositories. How are we supposed to remember all of these?
upvoted 0 times
...
Roxane
11 days ago
I don't know, you guys. I'm kind of tempted by option C) Cyber Analytics Repository. That sounds like it might have some juicy data on the latest threats and vulnerabilities.
upvoted 0 times
...
Tesha
12 days ago
Ha! Looks like the exam writer is trying to trip us up with those options. I'm going to go with B) as well. It just seems like the most logical choice.
upvoted 0 times
...
Oretha
14 days ago
I'm leaning towards B) Common Vulnerabilities and Exposures. That sounds like it might have the most up-to-date information on the newest and most critical vulnerabilities.
upvoted 0 times
...
Loreen
16 days ago
Wow, this is a tricky one. I'm not sure which one would be the best to review. They all sound like they might have some relevant information, but I'm not familiar with the MITRE repositories.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77