CompTIA CySA+ (CS0-003) — Question 411

A security operations center (SOC) manager is developing response mechanisms as part of a playbook development effort. The SOC manager needs to accomplish the following:

• Document adversarial activities.
• Map adversarial activities to a linear progression of sequential phases.
• Provide broad coverage of threat actions without addressing specific tactics, techniques, and procedures (TTPs).

Which of the following is the most reliable source for this information?

Answer options

Correct answer: D

Explanation

The Cyber Kill Chain (Lockheed Martin) describes an intrusion as an ordered sequence of phases (reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objectives), which is exactly the linear progression the SOC manager is asked to map adversarial activity onto. Because each phase is a broad category of attacker behavior rather than a catalog of specific techniques, it also satisfies the requirement for broad coverage without addressing particular TTPs. The other models fit less well: MITRE ATT&CK is a knowledge base of specific tactics, techniques, and procedures, and its tactics are not meant to be read as a strict linear sequence; the Diamond Model describes the relationships among the four core features of an intrusion event (adversary, capability, infrastructure, and victim) rather than a phased progression. A practical caveat when building playbooks on the kill chain: it assumes a perimeter-centric, malware-delivery style intrusion, so activity such as credential misuse or insider action may not map cleanly to a single phase, and many SOCs pair kill chain phases with ATT&CK techniques once specific detections are written.