CompTIA CASP+ (CAS-004) — Question 4

A threat hunting team receives a report about possible APT activity in the network.
Which of the following threat management frameworks should the team implement?

Answer options

Correct answer: B

Explanation

The MITRE ATT&CK framework is a knowledge base of adversary tactics, techniques and procedures built from observed intrusions, which makes it the best fit for hunting and responding to APT activity: each hunt hypothesis can be tied to a specific technique ID and to the data source that would reveal it. The other options serve different purposes. NIST SP 800-53 is a catalog of security and privacy controls, not a model of adversary behavior. The Cyber Kill Chain describes the phases of an intrusion at a high level but does not break them down into concrete techniques. The Diamond Model (adversary, capability, infrastructure, victim) is a framework for analyzing an individual intrusion event rather than a catalog of behaviors to hunt for. In practice the frameworks are complementary rather than competing: ATT&CK techniques are commonly mapped onto Kill Chain phases or used to describe the "capability" vertex of a Diamond Model event, but ATT&CK is the one that directly drives a hunt.
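To make the distinction concrete, the following is an added example (not part of the CASP+ question or its explanation) of what an ATT&CK-driven hunt looks like in code: each hunt rule is keyed to a tactic and a technique ID, the rules run over process-creation events, and the results are ranked by how many distinct tactics fired on a host. The events, host names and command lines are constructed for illustration and the rules are simplified assumptions about hunt logic, not a product's detections; the technique IDs (T1059.001, T1027, T1053.005) are real ATT&CK identifiers.

```python
"""Added example, not from the CASP+ source: a minimal threat hunt whose
detection logic is keyed to MITRE ATT&CK technique IDs.

Assumptions: the events are constructed process-creation records with
Sysmon Event ID 1 style fields; the rules are simplified illustrations of
hunt logic, not vendor detections. The technique IDs are real ATT&CK IDs.
"""
import re
from collections import defaultdict

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A"},
    {"host": "ws01", "parent": "cmd.exe", "image": "schtasks.exe",
     "cmdline": 'schtasks /create /tn "Updater" /tr C:\\Users\\Public\\u.exe /sc onlogon'},
    {"host": "srv02", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs -p"},
    {"host": "srv02", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# PowerShell accepts abbreviated forms of -EncodedCommand; match any of them.
ENCODED_FLAG = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s", re.IGNORECASE)


def office_spawns_powershell(e):
    """T1059.001: PowerShell launched by an Office process (a common phishing follow-on)."""
    return e["image"].lower() == "powershell.exe" and e["parent"].lower() in OFFICE_APPS


def encoded_powershell(e):
    """T1027: Base64-encoded command line, used to hide the script from casual review."""
    return e["image"].lower() == "powershell.exe" and ENCODED_FLAG.search(e["cmdline"]) is not None


def schtasks_create(e):
    """T1053.005: persistence via a newly created scheduled task."""
    return e["image"].lower() == "schtasks.exe" and "/create" in e["cmdline"].lower()


# Each hunt hypothesis carries the ATT&CK tactic and technique it tests for,
# which is what lets results be reported as ATT&CK coverage rather than raw hits.
HUNT_RULES = [
    ("Execution", "T1059.001", "Office app spawning PowerShell", office_spawns_powershell),
    ("Defense Evasion", "T1027", "Encoded PowerShell command line", encoded_powershell),
    ("Persistence", "T1053.005", "Scheduled task created with schtasks", schtasks_create),
]


def run_hunt(events, rules=HUNT_RULES):
    """Apply every rule to every event; return one finding per (event, rule) match."""
    findings = []
    for e in events:
        for tactic, technique, name, match in rules:
            if match(e):
                findings.append({"host": e["host"], "tactic": tactic,
                                 "technique": technique, "name": name,
                                 "cmdline": e["cmdline"]})
    return findings


def rank_hosts(findings):
    """Rank hosts by the number of distinct ATT&CK tactics that fired on them.

    A single technique hit may be a false positive; one host covering several
    tactics (execution, evasion, persistence) looks far more like a
    multi-stage intrusion and is where an APT hunt should start triage.
    """
    tactics_by_host = defaultdict(set)
    for f in findings:
        tactics_by_host[f["host"]].add(f["tactic"])
    return sorted(((h, len(t)) for h, t in tactics_by_host.items()),
                  key=lambda x: (-x[1], x[0]))


if __name__ == "__main__":
    hits = run_hunt(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f['host']}: {f['tactic']} / {f['technique']} {f['name']}")
    print("hosts by distinct tactics:", rank_hosts(hits))
```

On the constructed data, ws01 produces three findings spanning three tactics (Execution, Defense Evasion, Persistence) while srv02 produces none; the legitimate `powershell.exe -File` launch from explorer.exe does not fire because it is neither Office-spawned nor encoded. The point is the structure rather than the specific rules: because every rule is labelled with a technique ID, the team can report which ATT&CK techniques their telemetry actually covers and which APT-associated techniques they still cannot see.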