CompTIA PenTest+ (PT1-002) — Question 66

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

Answer options

• A. NIST SP 800-53
• B. OWASP Top 10
• C. MITRE ATT&CK framework
• D. PTES technical guidelines

Correct answer: C

Explanation

The MITRE ATT&CK framework is specifically designed to provide a detailed matrix of tactics and techniques used by attackers, as well as recommended mitigations. In contrast, NIST SP 800-53 focuses on security and privacy controls, OWASP Top 10 addresses web application vulnerabilities, and PTES technical guidelines provide a framework for penetration testing rather than a comprehensive matrix of attack methodologies.