Which option best describes STIX's purpose?

• A. To convey the full range of potential cyber threat information, being expressive, flexible, extensible, automatable, and human-readable.
• B. To provide a secure file transfer protocol.
• C. To manage firewall rules.
• D. To standardize vulnerability scoring.

Answer: (A)

STIX is a standardized language for sharing cyber threat information in a way that is expressive, flexible, extensible, automatable, and human-readable. It provides a structured vocabulary and schemas to describe indicators, threat actors, campaigns, intrusion techniques, and relationships between them, so security tools and teams can both understand and automatically process threat data. This makes threat intelligence interoperable across organizations and platforms, facilitating automated ingestion and analysis. It’s not about secure file transfer, firewall rule management, or vulnerability scoring—those are separate technologies and standards. STIX focuses on describing threats in a rich, machine-actionable, human-readable format that can be shared widely.