Topic: CS0-003 topic 1 question 130

Following a recent security incident, the Chief Information Security Officer is concerned with improving visibility and reporting of malicious actors in the environment. The goal is to reduce the time to prevent lateral movement and potential data exfiltration. Which of the following techniques will best achieve the improvement?

A. Mean time to detect
B. Mean time to respond
C. Mean time to remediate
D. Service-level agreement uptime

Re: CS0-003 topic 1 question 130

The detection already occurred and you are preventing lateral movement; therefore you are concerned about Mean Time To RESPOND to prevent further damage after detection.

Re: CS0-003 topic 1 question 130

Correct
Improving the Mean Time to Detect (MTTD) is the most relevant technique to achieve the goal of reducing the time to prevent lateral movement and potential data exfiltration by malicious actors.

MTTD measures the average time it takes for an organization to detect a security incident or malicious activity once it has occurred. By reducing MTTD, you can identify security threats more quickly, which allows for a faster response to contain the threat, prevent lateral movement, and potentially stop data exfiltration before it occurs.

Re: CS0-003 topic 1 question 130

The question specifically mentions improving the visibility and reporting of malicious actors to reduce the time to prevent lateral movement and potential data exfiltration. Option B, "Mean time to respond," directly addresses the need to react swiftly once a security incident is detected.

Re: CS0-003 topic 1 question 130

When stuck between A and B I would compare the outcome with having one working well and one working poorly.
If you know you'll detect it, it can eventually be resolved.
If you never detect it or 6 months later?...

Re: CS0-003 topic 1 question 130

I go with A. Mean time to detect

Re: CS0-003 topic 1 question 130

My vote is for A. We have to address the concern, which is the reporting of vulnerabilities (MTTD). The goal, which is reducing the time to allow for traversal, etc. (MTTR), depends heavily on how quickly the vulnerability is detected and reported to the CISO/CSIRT.

Re: CS0-003 topic 1 question 130

Which of the following techniques will best achieve the improvement? So to best achieve the improvement, I would go for A. If the question asked to reduce the time to prevent, I would go for B. Here I am leaning towards A.

Re: CS0-003 topic 1 question 130

The question gives you two goals...
Goal 1: Improve visibility and reporting. Option A directly addresses this concern.
Goal 2: Reduce the time it takes to prevent lateral movement and data exfiltration. Option B directly addresses this concern.
Based on how the question is worded this really should be a "pick two" question.

Re: CS0-003 topic 1 question 130

Both A and B would reduce the time to prevent lateral movement and potential data exfiltration.
If A was improved, the team would be able to act sooner.
If B was improved, the team would respond faster.

The CISO wants to improve "visibility and reporting of malicious actors". Only A addresses this. As with B, the reporting has already occurred.
Given this, my answer is A.

Re: CS0-003 topic 1 question 130

I was going to say C and then changed to B, but then I thought you can't fix what you don't know is broken, especially zero-days.

Re: CS0-003 topic 1 question 130

Mean time to respond (MTTR) measures the average time taken to respond to and mitigate a security incident once it has been detected. Reducing MTTR is crucial in minimizing the window of opportunity for attackers to move laterally within the network or exfiltrate data. A quicker response, involving containment and mitigation actions, helps prevent or limit the extent of lateral movement and data exfiltration by malicious actors after detection of a security incident.

Re: CS0-003 topic 1 question 130

From the Sybex Study Guide for CySA+ 003, page 437:

Mean time to respond measures the time from detection to assessing the event as an incident and activating the process. It's important to differentiate that from the next metric, mean time to remediate, as remediation can vary based on the size and complexity of the incident.
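As an added illustration (not from the thread or the study guide), the script below computes the three metrics over a constructed set of incident records so the boundaries quoted above are visible side by side; the field names, the remediate endpoint (process activation to remediation complete) and the sample timestamps are assumptions.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incidents (not real data), ISO 8601 timestamps.
# Fields: activity start, detection, response process activated,
# remediation complete.
INCIDENTS = [
    {"id": "inc-1", "occurred": "2024-03-01T08:00", "detected": "2024-03-01T10:00",
     "responded": "2024-03-01T10:30", "remediated": "2024-03-02T10:00"},
    {"id": "inc-2", "occurred": "2024-03-05T22:00", "detected": "2024-03-06T06:00",
     "responded": "2024-03-06T06:30", "remediated": "2024-03-06T18:00"},
    {"id": "inc-3", "occurred": "2024-03-10T01:00", "detected": "2024-03-10T13:00",
     "responded": "2024-03-10T14:00", "remediated": "2024-03-11T02:00"},
]

# Each metric is the mean gap between two timestamps. Detect and respond
# follow the Sybex boundaries quoted above; the remediate endpoint is our
# assumption, since the guide only says remediation varies.
METRIC_BOUNDS = {
    "mttd": ("occurred", "detected"),
    "mttr": ("detected", "responded"),
    "mtt_remediate": ("responded", "remediated"),
}


def _gap_hours(record, start, end):
    t0 = datetime.fromisoformat(record[start])
    t1 = datetime.fromisoformat(record[end])
    if t1 < t0:  # reject records whose timeline is out of order
        raise ValueError(f"{record['id']}: {end} precedes {start}")
    return (t1 - t0).total_seconds() / 3600


def compute_metrics(incidents):
    """Return {metric name: mean hours} across all incidents."""
    return {name: mean(_gap_hours(r, s, e) for r in incidents)
            for name, (s, e) in METRIC_BOUNDS.items()}


def dwell_before_response(incidents):
    """Mean hours an intruder is active before response starts (MTTD + MTTR).
    This is the window in which lateral movement and exfiltration can proceed
    unchecked, which is the window the question asks to shrink."""
    m = compute_metrics(incidents)
    return m["mttd"] + m["mttr"]


def largest_window(incidents):
    """Which of detect or respond contributes most to the dwell window."""
    m = compute_metrics(incidents)
    return max(("mttd", "mttr"), key=lambda k: m[k])
```

On the constructed data the detect phase dominates the dwell window, which is the kind of comparison the "one working well and one working poorly" post above suggests making before picking between A and B.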

Re: CS0-003 topic 1 question 130

Selected Answer: A
Concern: Security Officer is concerned with "improving" visibility and reporting of malicious actors in the environment.
Goal: To reduce the time to prevent lateral movement and potential data exfiltration.
Asking for: Which of the following techniques will best achieve the "improvement"?
Leaning towards MTTD