Question
A security analyst is trying to explain attack methodology frameworks in the context of protecting cloud-based applications and data.
Which of the following solutions can help the analyst in achieving this objective?
answer
Threat modeling
Public key infrastructure (PKI)
Cloud access security broker (CASB)
Security orchestration, automation, and response (SOAR)
Which of the following solutions can help the analyst in achieving this objective?
answer
Threat modeling
Public key infrastructure (PKI)
Cloud access security broker (CASB)
Security orchestration, automation, and response (SOAR)
Answers
GPT-5 mini
Correct choices: Threat modeling, CASB, and SOAR.
Why:
- Threat modeling: Directly designed to identify likely attack paths, assets, adversary goals and mitigations β exactly what you need to explain attack methodologies and map them to controls in a cloud context.
- CASB: Gives visibility and policy enforcement for cloud apps (user activity, data flows, risky apps). That telemetry and control mapping helps illustrate real cloud attack vectors and where controls fit.
- SOAR: Lets you encode detection/response playbooks that follow an attack lifecycle (detection β containment β remediation). Useful for demonstrating how response steps align with attack methodology frameworks (e.g., mapping playbooks to MITRE ATT&CK tactics/techniques).
Why not PKI:
- PKI is an encryption/authentication technology (a control), not a methodology or tooling for modeling or explaining attacker behavior. Itβs a mitigation you would map to an identified threat rather than a tool for explaining attack methodology.
Why:
- Threat modeling: Directly designed to identify likely attack paths, assets, adversary goals and mitigations β exactly what you need to explain attack methodologies and map them to controls in a cloud context.
- CASB: Gives visibility and policy enforcement for cloud apps (user activity, data flows, risky apps). That telemetry and control mapping helps illustrate real cloud attack vectors and where controls fit.
- SOAR: Lets you encode detection/response playbooks that follow an attack lifecycle (detection β containment β remediation). Useful for demonstrating how response steps align with attack methodology frameworks (e.g., mapping playbooks to MITRE ATT&CK tactics/techniques).
Why not PKI:
- PKI is an encryption/authentication technology (a control), not a methodology or tooling for modeling or explaining attacker behavior. Itβs a mitigation you would map to an identified threat rather than a tool for explaining attack methodology.