CompTIA PenTest+ (PT0-002) — Question 188

A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?

Answer options

• A. OWASP Top 10
• B. MITRE ATT&CK framework
• C. NIST Cybersecurity Framework
• D. The Diamond Model of Intrusion Analysis

Correct answer: B

Explanation

The MITRE ATT&CK framework is specifically designed to provide a comprehensive and continuously updated approach to understanding adversary tactics, techniques, and procedures (TTPs), making it the best fit for the client's needs. The OWASP Top 10 focuses on web application vulnerabilities, the NIST Cybersecurity Framework is broader and more focused on risk management, and The Diamond Model of Intrusion Analysis is more theoretical and less practical for a penetration testing context.