Welcome to Pass4Success


CompTIA CAS-005 Exam - Topic 3 Question 30 Discussion

A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring. The architect's goal is to:

* Create a collection of use cases to help detect known threats
* Include those use cases in a centralized library for use across all of the companies

Which of the following is the best way to achieve this goal?
A) Sigma rules
B) Ariel Query Language
C) UBA rules and use cases
D) TAXII/STIX library


Suggested Answer: A

To create a collection of use cases for detecting known threats and include them in a centralized library for use across multiple companies with different vendors, Sigma rules are the best option. Sigma is an open, vendor-neutral YAML format for log-based detection rules that can be converted into each vendor's native query language. Here's why it fits:

Centralized Rule Management: By using Sigma rules, the cybersecurity architect can create a centralized library of detection rules that can be easily shared and implemented across different detection and monitoring systems used by the acquired companies. This ensures consistency in threat detection capabilities.

Ease of Use and Flexibility: Sigma provides a structured and straightforward format for defining detection logic. It allows for the easy creation, modification, and sharing of rules, facilitating collaboration and standardization across the organization.
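As an added example (not part of this page or of the Sigma project's own tooling), the property the explanation relies on: one Sigma-style rule, held in the central library, rendered into two different vendors' query dialects. The rule, the backend field mappings and the query syntaxes are constructed, simplified assumptions, and the translator is a toy stand-in for the real converters such as sigma-cli/pySigma.

```python
"""One Sigma-style rule translated for two detection backends (toy translator, not pySigma)."""
# Constructed sample rule, shown as the dict form of a Sigma YAML document.
SIGMA_RULE = {
    "title": "Reconnaissance via whoami",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "whoami.exe"},
        "filter": {"ParentImage|endswith": ["explorer.exe"]},
        "condition": "selection and not filter",
    },
}

# Constructed per-vendor mappings (assumptions for this illustration): where the
# generic log source and field names land in each product's query language.
BACKENDS = {
    "splunk": {"scope": "index=windows EventCode=4688", "join": " ", "or": " OR ",
               "fields": {"Image": "NewProcessName", "ParentImage": "ParentProcessName"},
               "match": lambda f, v: f'{f}="{v}"'},
    "elastic": {"scope": "event.category:process AND event.type:start", "join": " AND ",
                "or": " OR ", "match": lambda f, v: f"{f}:{v}",
                "fields": {"Image": "process.executable",
                           "ParentImage": "process.parent.executable"}},
}

# Sigma string modifiers supported here, expressed as wildcard patterns.
WILDCARDS = {"contains": "*{}*", "endswith": "*{}", "startswith": "{}*"}

def _render(group, cfg):
    """Render one detection group: fields are AND-ed, a list of values is OR-ed."""
    clauses = []
    for key, values in group.items():
        field, *modifiers = key.split("|")
        mapped = cfg["fields"].get(field, field)  # vendor-specific field name
        pattern = next((WILDCARDS[m] for m in modifiers if m in WILDCARDS), "{}")
        alts = [cfg["match"](mapped, pattern.format(v))
                for v in (values if isinstance(values, list) else [values])]
        clauses.append(alts[0] if len(alts) == 1 else "(" + cfg["or"].join(alts) + ")")
    return cfg["join"].join(clauses)

def sigma_to_query(rule, backend):
    """Translate a rule whose condition is '[not] group and [not] group ...'."""
    cfg, detection = BACKENDS[backend], rule["detection"]
    parts = [cfg["scope"]]
    for term in detection["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        body = _render(detection[name], cfg)
        parts.append(f"NOT ({body})" if negate else
                     f"({body})" if len(detection[name]) > 1 else body)
    return cfg["join"].join(parts)
```

Calling `sigma_to_query(SIGMA_RULE, "splunk")` and `sigma_to_query(SIGMA_RULE, "elastic")` yields two differently shaped queries from the same library entry, which is what lets one rule set serve every acquired company's stack.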

