Which description best captures a key property STIX aims to provide?

Prepare for the SANS FOR508 Exam. Use flashcards and multiple-choice questions, each with hints and explanations. Maximize your readiness for the test!

Multiple Choice

Which description best captures a key property STIX aims to provide?

Explanation:
STIX is built to encode threat intelligence in a way that is richly expressive, machine-actionable, and still understandable to humans. A single consistent framework captures indicators, attack patterns (tactics, techniques and procedures), malware, campaigns, threat actors and intrusion sets, along with explicit relationship and sighting objects that link them. The emphasis on expressiveness and extensibility lets analysts describe complex threat scenarios and extend the standard (custom properties and objects) as new threats and contexts emerge. At the same time, STIX is designed for automation: its JSON serialization (STIX 2.x; STIX 1.x used XML), typed objects with stable identifiers, and the pattern language carried by indicator objects enable automated ingestion, correlation and sharing, typically with TAXII as the transport protocol. Human readability comes from standardized property names and open vocabularies (for example indicator_types or threat_actor_types), so an analyst can interpret the data without reverse-engineering the format.

The other descriptions miss this. A rigid binary encoding would hinder evolution and collaboration. Focusing only on malware hashes narrows the scope far too much for comprehensive threat intelligence. A real-time network protocol analyzer serves a different purpose, traffic analysis, rather than describing and sharing threat intelligence.
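To make the "expressive yet machine-actionable" point concrete, here is an added example that is not from the original page and not the OASIS `stix2` library: a constructed STIX 2.1 bundle (threat actor, campaign, attack pattern, two indicators, and the relationship objects linking them) ingested with only the Python standard library, then correlated against an observation by pivoting indicator -> campaign -> threat actor. The pattern matcher covers only a small subset of the STIX patterning language (one bracketed observation expression with equality comparisons joined by AND or OR); the real language is much richer. Every ID, name, domain and hash below is made up for illustration.

```python
"""Added example: a constructed STIX 2.1 bundle parsed, matched and correlated
with only the standard library.  Nothing here is real intelligence."""
import hashlib
import json
import re

T = "2024-01-01T00:00:00.000Z"  # constructed timestamp reused by every object
# Constructed hash (digest of a fixed string), standing in for a dropper hash.
SAMPLE_HASH = hashlib.sha256(b"constructed sample, not real malware").hexdigest()


def uid(n):
    """Deterministic UUID-shaped identifier for the constructed objects."""
    return f"{n:08x}-0000-4000-8000-{n:012x}"


def sdo(obj_type, n, **props):
    """Build one STIX object with the required common properties (2.1)."""
    base = {"type": obj_type, "spec_version": "2.1", "id": f"{obj_type}--{uid(n)}",
            "created": T, "modified": T}
    return {**base, **props}


TA, CAMP, AP, IND1, IND2 = (f"{t}--{uid(n)}" for n, t in enumerate(
    ["threat-actor", "campaign", "attack-pattern", "indicator", "indicator"], 1))

# Constructed bundle: the object types the explanation lists, plus SROs.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--" + uid(99), "objects": [
    sdo("threat-actor", 1, name="Example Crew", threat_actor_types=["crime-syndicate"]),
    sdo("campaign", 2, name="Example Invoice Lure"),
    sdo("attack-pattern", 3, name="Spearphishing Attachment",
        external_references=[{"source_name": "mitre-attack", "external_id": "T1566.001"}]),
    sdo("indicator", 4, name="Staging domain", indicator_types=["malicious-activity"],
        pattern_type="stix", valid_from=T,
        pattern="[domain-name:value = 'updates.example-bad.test']"),
    sdo("indicator", 5, name="Dropper hash", indicator_types=["malicious-activity"],
        pattern_type="stix", valid_from=T,
        pattern=f"[file:hashes.'SHA-256' = '{SAMPLE_HASH}' OR file:name = 'invoice.pdf.exe']"),
    sdo("relationship", 6, relationship_type="indicates", source_ref=IND1, target_ref=CAMP),
    sdo("relationship", 7, relationship_type="indicates", source_ref=IND2, target_ref=CAMP),
    sdo("relationship", 8, relationship_type="attributed-to", source_ref=CAMP, target_ref=TA),
    sdo("relationship", 9, relationship_type="uses", source_ref=TA, target_ref=AP),
]})

COMPARISON = re.compile(r"^([\w\-]+:[\w\-.']+)\s*=\s*'([^']*)'$")


def load_bundle(text):
    """Ingest a serialized bundle into a dict keyed by object id."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    return {o["id"]: o for o in bundle["objects"]}


def parse_pattern(pattern):
    """Parse the subset used here: one bracketed observation expression whose
    equality comparisons are joined by a single connective (AND or OR).
    Returns (connective, [(object_path, value), ...])."""
    inner = pattern.strip()
    if not (inner.startswith("[") and inner.endswith("]")):
        raise ValueError("expected one bracketed observation expression")
    parts = re.split(r"\s+(AND|OR)\s+", inner[1:-1].strip())
    connectives = set(parts[1::2])
    if len(connectives) > 1:
        raise ValueError("mixed AND/OR is outside this subset")
    comparisons = []
    for comp in parts[0::2]:
        m = COMPARISON.match(comp.strip())
        if not m:
            raise ValueError(f"unsupported comparison: {comp!r}")
        comparisons.append((m.group(1).replace("'", ""), m.group(2)))  # file:hashes.'SHA-256' -> file:hashes.SHA-256
    return (connectives.pop() if connectives else "AND"), comparisons


def matches(pattern, observation):
    """Evaluate a pattern against one observation, a dict of object path -> value."""
    connective, comparisons = parse_pattern(pattern)
    results = [observation.get(path) == value for path, value in comparisons]
    return all(results) if connective == "AND" else any(results)


def related(objects, source_id, relationship_type):
    """Follow relationship objects of one type from source_id to their targets."""
    return [objects[o["target_ref"]] for o in objects.values()
            if o["type"] == "relationship" and o["relationship_type"] == relationship_type
            and o["source_ref"] == source_id and o["target_ref"] in objects]


def correlate(objects, observation):
    """Automated pivot: observation -> matching indicators -> campaigns they
    indicate -> threat actors those campaigns are attributed to."""
    hits = [o for o in objects.values()
            if o["type"] == "indicator" and matches(o["pattern"], observation)]
    campaigns = [c for i in hits for c in related(objects, i["id"], "indicates")
                 if c["type"] == "campaign"]
    actors = [a for c in campaigns for a in related(objects, c["id"], "attributed-to")]
    return {"indicators": [i["name"] for i in hits],
            "campaigns": sorted({c["name"] for c in campaigns}),
            "threat_actors": sorted({a["name"] for a in actors})}


if __name__ == "__main__":
    objs = load_bundle(SAMPLE_BUNDLE)
    print(json.dumps(correlate(objs, {"file:name": "invoice.pdf.exe"}), indent=2))
    print(correlate(objs, {"domain-name:value": "benign.test"}))
```

The same bundle is readable by an analyst (object names, relationship_type values like "indicates" and "attributed-to", the ATT&CK reference) and by the code, which never needs to know anything beyond the object types and the pattern grammar. In production you would use the `stix2` library's validation and full pattern matcher and pull bundles over TAXII rather than embedding them.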

