CompTIA CASP+ (CAS-004) — Question 629

A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team implement?

Answer options

Correct answer: B

Explanation

MITRE ATT&CK is a knowledge base of adversary tactics, techniques and procedures drawn from real intrusions, organized by tactic (Initial Access, Execution, Persistence, and so on) and cross-referenced to the threat groups known to use each technique. That is exactly what a hunting team needs once APT activity is suspected: it can select the techniques the reported group is known to use, decide which telemetry would reveal them, and hunt for that evidence. The other options address different problems. NIST SP 800-53 is a catalog of security and privacy controls for building and assessing a control baseline, not a model of attacker behavior. OWASP projects (such as the OWASP Top 10) are centered on web application security. The Diamond Model describes an intrusion event in terms of adversary, infrastructure, capability and victim; it is useful for analyzing and clustering individual intrusions, but it does not supply the technique-level catalog that drives hypothesis-driven hunting the way MITRE ATT&CK does.
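To show what "hunting with ATT&CK" looks like in practice, here is an added Python example that is not part of the CASP+ question or its explanation. It tags constructed process-creation events with ATT&CK technique IDs and orders the matched tactics along the Enterprise ATT&CK tactic sequence so a hunter can see how far an intrusion has progressed. The technique IDs (T1059.001, T1053.005, T1003.001) and tactic names are real ATT&CK entries; the hosts, users, command lines, regex heuristics and function names are constructed for illustration.

```python
"""Tag constructed endpoint telemetry with MITRE ATT&CK technique IDs.

Added illustration for the explanation above; not part of the CASP+ question.
Technique IDs are real ATT&CK identifiers; the log lines, rule patterns and
function names are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed process-creation events (hypothetical hosts, users, commands).
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "jdoe", "parent": "winword.exe",
     "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"host": "ws01", "user": "jdoe", "parent": "cmd.exe",
     "cmd": "schtasks.exe /create /tn Updater /tr C:\\Users\\Public\\u.exe /sc minute"},
    {"host": "dc01", "user": "svc_backup", "parent": "services.exe",
     "cmd": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll MiniDump 624 C:\\temp\\l.dmp full"},
    {"host": "ws02", "user": "asmith", "parent": "explorer.exe",
     "cmd": "notepad.exe C:\\Users\\asmith\\notes.txt"},
]

# Hunt rules: (ATT&CK tactic, technique ID, technique name, regex over the command line).
# The IDs and names are genuine ATT&CK entries; the regexes are constructed heuristics.
RULES = [
    ("Execution", "T1059.001", "PowerShell",
     re.compile(r"powershell(\.exe)?\s.*(-enc|-e\s|-w hidden|-nop)", re.I)),
    ("Persistence", "T1053.005", "Scheduled Task",
     re.compile(r"schtasks(\.exe)?\s+/create", re.I)),
    ("Credential Access", "T1003.001", "LSASS Memory",
     re.compile(r"comsvcs\.dll.*MiniDump", re.I)),
]

# Enterprise ATT&CK tactics in matrix order, used to sort observed activity.
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]


def tag_event(event):
    """Return the list of (tactic, technique_id, name) tuples matched by one event."""
    cmd = event["cmd"]
    return [(tactic, tid, name) for (tactic, tid, name, rx) in RULES if rx.search(cmd)]


def hunt(events):
    """Map every event to ATT&CK and return {technique_id: [hosts where it was seen]}."""
    hits = defaultdict(list)
    for ev in events:
        for _tactic, tid, _name in tag_event(ev):
            hits[tid].append(ev["host"])
    return dict(hits)


def kill_chain_summary(events):
    """Return the tactics observed, ordered by the ATT&CK matrix, to show intrusion progression."""
    seen = {tactic for ev in events for tactic, _, _ in tag_event(ev)}
    return [t for t in TACTIC_ORDER if t in seen]


if __name__ == "__main__":
    for tid, hosts in hunt(SAMPLE_EVENTS).items():
        print(tid, sorted(set(hosts)))
    print("tactics observed:", kill_chain_summary(SAMPLE_EVENTS))
```

Real hunts run such mappings over EDR or Sysmon data rather than an in-memory list, and the rules come from the techniques documented for the suspected group; the point here is that ATT&CK gives the hunt its vocabulary (tactic, technique ID) so findings from different hosts and data sources can be placed on one map.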