CompTIA PenTest+ (PT0-002) — Question 3

Which of the following provides a matrix of common tactics and techniques uses by attackers along with recommended mitigations?

Answer options

• A. NIST SP 800-53
• B. OWASP Top 10
• C. MITRE ATT&CK framework
• D. PTES technical guidelines

Correct answer: C

Explanation

The MITRE ATT&CK framework is specifically designed to provide a detailed matrix of tactics and techniques used by attackers, along with recommended mitigations. In contrast, NIST SP 800-53 focuses on security and privacy controls, OWASP Top 10 addresses the most critical web application security risks, and PTES technical guidelines provide a framework for penetration testing, but do not offer a matrix of tactics and techniques.