CompTIA CySA+ (CS0-003) — Question 293
An analyst is reviewing a dashboard from the company’s SIEM and finds that an IP address known to be malicious can be tracked to numerous high-priority events in the last two hours. The dashboard indicates that these events relate to TTPs. Which of the following is the analyst most likely using?
Answer options
- A. MITRE ATT&CK
- B. OSSTMM
- C. Diamond Model of Intrusion Analysis
- D. OWASP
Correct answer: A
Explanation
The correct answer is A, MITRE ATT&CK: it is a knowledge base that catalogs adversary tactics, techniques, and procedures (TTPs) and is commonly used in threat intelligence analysis, so a SIEM dashboard that maps events to TTPs is most likely built on it. The other options (OSSTMM, the Diamond Model of Intrusion Analysis, and OWASP) do not specifically focus on TTPs in the context of tracking a malicious IP address across security events.