Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA Exam CS0-003 Topic 8 Question 16 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 16
Topic #: 8
[All CS0-003 Questions]

A vulnerability analyst is writing a report documenting the newest, most critical vulnerabilities identified in the past month. Which of the following public MITRE repositories would be best to review?

Show Suggested Answer Hide Answer
Suggested Answer: B

The Common Vulnerabilities and Exposures (CVE) is a public repository of standardized identifiers and descriptions for common cybersecurity vulnerabilities. It helps security analysts to identify, prioritize, and report on the most critical vulnerabilities in their systems and applications.The other options are not relevant for this purpose: Cyber Threat Intelligence (CTI) is a collection of information and analysis on current and emerging cyber threats; Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the ATT&CK adversary model; ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

Reference: According to the CompTIA CySA+ Study Guide: Exam CS0-003, 3rd Edition1, one of the objectives for the exam is to ''use appropriate tools and methods to manage, prioritize and respond to attacks and vulnerabilities''. The book also covers the usage and syntax of various cybersecurity frameworks and standards, such as CVE, CTI, CAR, and ATT&CK, in chapter 1.Specifically, it explains the meaning and function of each framework and standard, such as CVE, which provides a common language for describing and sharing information about vulnerabilities1, page 28. Therefore, this is a reliable source to verify the answer to the question.


by Abel at Apr 12, 2024, 11:46 PM

Limited Time Offer

25%

Off

Get Premium CS0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Raymon
7 days ago
You know, I'm surprised ATT&CK isn't one of the options. That's a pretty well-known MITRE framework for cataloging adversary tactics and techniques.
upvoted 0 times
...
Ronny
7 days ago
I'm pretty sure the Cyber Analytics Repository is made up. Sounds like something they'd throw in to see if we're paying attention. Gotta love these vendors and their tricks.
upvoted 0 times
...
Stephen
8 days ago
I definitely agree. Between CVE, ATT&CK, and now this 'Cyber Analytics Repository' thing, it's a lot to keep track of. Wait, is that even a real MITRE repo?
upvoted 0 times
...
Micah
9 days ago
Nah, I don't think so. C) sounds more like a repository for threat analysis, not vulnerability info. I'm sticking with B) Common Vulnerabilities and Exposures.
upvoted 0 times
...
Buddy
9 days ago
I know, right? It's like they want us to be cybersecurity encyclopedias or something. But hey, at least this one seems a little more straightforward than some of the other questions.
upvoted 0 times
...
Nobuko
10 days ago
Ugh, another vulnerability question. I feel like these exams are just trying to trip us up with all these obscure MITRE repositories. How are we supposed to remember all of these?
upvoted 0 times
...
Roxane
10 days ago
I don't know, you guys. I'm kind of tempted by option C) Cyber Analytics Repository. That sounds like it might have some juicy data on the latest threats and vulnerabilities.
upvoted 0 times
...
Tesha
11 days ago
Ha! Looks like the exam writer is trying to trip us up with those options. I'm going to go with B) as well. It just seems like the most logical choice.
upvoted 0 times
...
Oretha
13 days ago
I'm leaning towards B) Common Vulnerabilities and Exposures. That sounds like it might have the most up-to-date information on the newest and most critical vulnerabilities.
upvoted 0 times
...
Loreen
15 days ago
Wow, this is a tricky one. I'm not sure which one would be the best to review. They all sound like they might have some relevant information, but I'm not familiar with the MITRE repositories.
upvoted 0 times
...

Save Cancel