CompTIA SecurityX (CAS-005) — Question 128

A systems administrator decides to take a programmatic approach in cataloging system resiliency to both new and existing attack patterns. Which of the following should the systems administrator use?

Answer options

• A. OWASP
• B. ATT&CK
• C. STRIDE
• D. CAPEC

Correct answer: B

Explanation

The correct answer is B, ATT&CK, which provides a comprehensive framework for understanding adversary behavior and attack patterns. OWASP focuses on web application security, STRIDE is a threat modeling framework, and CAPEC catalogues attack patterns, but none offer the same depth in cataloging and mitigating myriad attack techniques as ATT&CK.