CompTIA SecurityX (CAS-005) — Question 207

After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?

Answer options

• A. Apply code stylometry.
• B. Look for common TTPs.
• C. Use IoC extractions.
• D. Leverage malware detonation.

Correct answer: B

Explanation

The correct answer is B, as identifying common Tactics, Techniques, and Procedures (TTPs) used in the attacks can reveal patterns that suggest a single actor. The other options, while useful for various analyses, do not directly focus on correlating the behavior of the attacker across multiple incidents, which is crucial for establishing whether the same threat actor is involved.