CompTIA Updated CAS-005 Exam Questions and Answers by madeleine

D. STIX (Structured Threat Information eXpression): STIX is a standardized language for representing threat information in a structured and machine-readable format. It facilitates the sharing ofthreat intelligence by ensuring that data is consistent and can be easily understood by all parties involved.

E. TAXII (Trusted Automated eXchange of Indicator Information): TAXII is a transport mechanism that enables the sharing of cyber threat information over a secure and trusted network. It works in conjunction with STIX to automate the exchange of threat intelligence among organizations.

Other options:

A. CWPP (Cloud Workload Protection Platform): This focuses on securing cloud workloads and is not directly related to threat intelligence sharing.

B. YARA: YARA is used for malware research and identifying patterns in files, but it is not a platform for sharing threat intelligence.

C. ATT & CK: This is a knowledge base of adversary tactics andtechniques but does not facilitate the sharing of threat intelligence data.

F. JTAG: JTAG is a standard for testing and debugging integrated circuits, not related to threat intelligence.

CVE (Common Vulnerabilities and Exposures)provides unique identifiers for publicly known cybersecurity vulnerabilities and exposures. Each CVE entry includes a description and, often, remediation information. CVSS refers to scoring severity, CCE focuses on configuration issues, and CPE deals with naming standardized platforms and systems.

The best solution is to implement an interactive honeypot (A). Honeypots are decoy systems designed to attract and observe adversary behavior in real time. When security tools cannot categorize suspicious inbound traffic, a honeypot provides an isolated environment where the suspicious activity can be redirected and monitored without risking production systems. By deploying an interactive honeypot, analysts can study attacker tactics, techniques, and procedures (TTPs), extract Indicators of Compromise (IoCs), and improve defensive controls.

Option B (mapping to known IoCs) fails because the activity cannot be categorized, implying it is novel or not yet identified in threat intelligence feeds. Option C (monitoring the dark web) provides intelligence about potential threats but does not address real-time inbound suspicious activity. Option D (UEBA) focuses on analyzing user and entity behaviors but is less effective for categorizing inbound external traffic.

By using honeypots, organizations gain visibility into new, unknown, or advanced attack techniques, which helps improve detection capabilities, enrich threat intelligence, and strengthen incident response.

To ensure that logs from a legacy platform are properly retained beyond the default retention period, configuring the SIEM to aggregate the logs is the best approach. SIEM solutions are designed to collect, aggregate, and store logs from various sources, providing centralized log management and retention. This setup ensures that logs are retained according to policy and can be easily accessed for analysis and compliance purposes.