CompTIA CASP+ (CAS-004) — Question 468

A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATT&CK framework specific to APTs. Which of the following should be used by the organization to accomplish this goal?

Answer options

• A. Tabletop exercise
• B. Penetration test
• C. Sandbox detonation
• D. Honeypot

Correct answer: B

Explanation

The correct answer is B, as a penetration test simulates real-world attacks to evaluate the effectiveness of security measures against TTPs. Options A, C, and D do not provide the same level of testing against specific attack techniques as a penetration test would, making them less suitable for the organization's goal.