CompTIA CySA+ (CS0-002) — Question 350

A security analyst needs to develop a brief that will include the latest incidents and the attack phases of the incidents. The goal is to support threat intelligence and identify whether or not the incidents are linked. Which of the following methods would be MOST appropriate to use?

Answer options

• A. The Cyber Kill Chain
• B. The MITRE ATT&CK framework
• C. An adversary capability model
• D. The Diamond Model of Intrusion Analysis

Correct answer: A

Explanation

The Cyber Kill Chain is specifically designed to outline the stages of a cyber attack, making it the best choice for understanding the phases involved in incidents. While the MITRE ATT&CK framework and other models provide valuable insights, they do not focus as directly on the sequential phases of attacks as the Cyber Kill Chain does.