Questions: A well-established technology company is overhauling its incident response and management processes. They tasked a cybersecurity analyst with identifying a framework that can help improve their security posture. The analyst recommends the Open Source Security Testing Methodology Manual (OSSTMM) framework. What benefits of OSSTMM should the analyst present? (Select the two best options.) OSSTMM is a framework that focuses on understanding the tactics, techniques, and procedures (TTPs) used by attackers during a cyber attack. OSSTMM is a framework that focuses on identifying and mitigating software vulnerabilities. OSSTMM is a framework that focuses on identifying and analyzing the stages of a cyber attack.

A well-established technology company is overhauling its incident response and management processes. They tasked a cybersecurity analyst with identifying a framework that can help improve their security posture. The analyst recommends the Open Source Security Testing Methodology Manual (OSSTMM) framework. What benefits of OSSTMM should the analyst present? (Select the two best options.) OSSTMM is a framework that focuses on understanding the tactics, techniques, and procedures (TTPs) used by attackers during a cyber attack. OSSTMM is a framework that focuses on identifying and mitigating software vulnerabilities. OSSTMM is a framework that focuses on identifying and analyzing the stages of a cyber attack.
Transcript text: A well-established technology company is overhauling its incident response and management processes. They tasked a cybersecurity analyst with identifying a framework that can help improve their security posture. The analyst recommends the Open Source Security Testing Methodology Manual (OSSTMM) framework. What benefits of OSSTMM should the analyst present? (Select the two best options.) OSSTMM is a framework that focuses on understanding the tactics, techniques, and procedures (TTPs) used by attackers during a cyber attack. OSSTMM is a framework that focuses on identifying and mitigating software vulnerabilities. OSSTMM is a framework that focuses on identifying and analyzing the stages of a cyber attack.
failed

Solution

failed
failed

The answer is the second and fourth options:

  1. OSSTMM is a framework that focuses on identifying and mitigating software vulnerabilities.
  2. OSSTMM is a framework that focuses on identifying and analyzing the stages of a cyber attack.

Explanation:

  • The first option is incorrect because OSSTMM does not specifically focus on understanding the tactics, techniques, and procedures (TTPs) used by attackers during a cyber attack. This is more aligned with frameworks like MITRE ATT&CK.
  • The second option is correct because OSSTMM does include methodologies for identifying and mitigating software vulnerabilities, which is a key aspect of improving security posture.
  • The third option is incorrect because OSSTMM does not solely focus on identifying and analyzing the stages of a cyber attack. This is more characteristic of frameworks like the Cyber Kill Chain.
  • The fourth option is correct because OSSTMM does provide a comprehensive approach to identifying and analyzing various aspects of security, including the stages of a cyber attack.

Summary: The analyst should present the benefits of OSSTMM as a framework that focuses on identifying and mitigating software vulnerabilities and identifying and analyzing the stages of a cyber attack.

Was this solution helpful?
failed
Unhelpful
failed
Helpful

Questions asked by other users

failedAnswered
Explain two ways in which (2 y+7)^2 and 4 y^2+28 y+49 are related. Choose the correct answer below. A. The product of 4 y^2+28 y+49 is (2 y+7)^2 and the factored form of 4 y^2+28 y+49 is (2 y+7)^2. B. The product of (2 y+7)^2 is 4 y^2+28 y+49 and the factored form of (2 y+7)^2 is 4 y^2+28 y+49. C. The product of 4 y^2+28 y+49 is (2 y+7)^2 and the factored form of (2 y+7)^2 is 4 y^2+28 y+49. D. The product of (2 y+7)^2 is 4 y^2+28 y+49 and the factored form of 4 y^2+28 y+49 is (2 y+7)^2.
failedAnswered
Use the properties of inverse functions f(f^(-1)(x))=x for all x in the domain of f^(-1) and f^(-1)(f(x))=x for all x in the domain of f, as well as the definitions of the inverse cotangent function, to find the exact value of the expression. cot(cot^(-1) 25 pi) cot(cot^(-1) 25 pi) = (Simplify your answer. Type an exact answer, using pi as needed. Use integers or fractions for any numbers in the expression.)
failedAnswered
Find the x-intercept. y=(8x+16)/(x-4) ([?], 0)
failedAnswered
Government funding: The following table presents the budget (in millions of dollars) for selected organizations that received U.S. government funding for arts and culture in both 2006 and last year. Organization 2006 Last Year Organization 1 460 441 Organization 2 247 230 Organization 3 142 153 Organization 4 124 173 Organization 5 95 159 Organization 6 18 40 Organization 7 2 4 Compute the least-squares regression line for predicting last year's budget from the 2006 budget. Round the slope and y-intercept to four decimal places as needed.
failedAnswered
The graph to the right represents the cost of movie rentals. (a) How is the graph misleading? A. The graph is not misleading B. It looks like new releases cost about twice as much as regular rentals C. It looks like more people rent new releases. D. It looks like new releases are three times as expensive as bargain rentals