CompTIA PenTest+ (PT0-002) — Question 99

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?

Answer options

• A. Understanding the tactics of a security intrusion can help disrupt them.
• B. Scripts that are part of the framework can be imported directly into SIEM tools.
• C. The methodology can be used to estimate the cost of an incident better.
• D. The framework is static and ensures stability of a security program over time.

Correct answer: A

Explanation

The correct answer, A, highlights that by understanding the tactics used in security intrusions, organizations can develop strategies to counteract those tactics effectively. Option B is incorrect because while scripts may assist in analysis, the primary benefit of the framework lies in understanding tactics. Option C inaccurately emphasizes cost estimation, which is not the main focus of the framework. Option D is wrong as the framework is not static; it evolves to reflect new threats and tactics.