CompTIA CySA+ (CS0-003) — Question 269
A threat intelligence analyst is updating a document according to the MITRE ATT&CK framework. The analyst detects the following behavior from a malicious actor:
“The malicious actor will attempt to achieve unauthorized access to the vulnerable system.”
In which of the following phases should the analyst include the detection?
Answer options
- A. Procedures
- B. Techniques
- C. Tactics
- D. Subtechniques
Correct answer: C
Explanation
The correct answer is C, Tactics: in the MITRE ATT&CK framework, a tactic is the adversary's overall goal, such as gaining unauthorized access. The other options, like A (Procedures) and D (Subtechniques), represent more specific actions or methods, which do not capture the broader intent of the malicious behavior.