CompTIA CASP+ (CAS-003) — Question 161
An organization wants to arm its cybersecurity defensive suite automatically with intelligence on zero-day threats shortly after they emerge. Acquiring tools and services that support which of the following data standards would BEST enable the organization to meet this objective?
Answer options
- A. XCCDF
- B. OVAL
- C. STIX
- D. CWE
- E. CVE
Correct answer: C
Explanation
The correct answer is C, STIX, which is specifically designed for sharing threat intelligence, including zero-day vulnerabilities. Options A (XCCDF) and B (OVAL) focus on security compliance and vulnerability assessment rather than on immediate threat intelligence. D (CWE) is a classification of software weaknesses, and E (CVE) provides identifiers for vulnerabilities but does not facilitate the real-time sharing of intelligence.