CompTIA CySA+ (CS0-003) — Question 486

Which of the following would a security analyst most likely use to compare TTPs between different known adversaries of an organization?

Answer options

• A. MITRE ATT&CK
• B. Cyber Kill Cham
• C. OWASP
• D. STIX/TAXII

Correct answer: A

Explanation

The correct answer is MITRE ATT&CK, as it is specifically designed to document and compare the tactics, techniques, and procedures used by different adversaries. Cyber Kill Chain is more focused on the stages of an attack, while OWASP primarily addresses web application security issues. STIX/TAXII is used for sharing threat intelligence but does not provide a direct comparison of TTPs.