CompTIA Security+ (SY0-601) — Question 159

A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?

Answer options

• A. Security research publications
• B. The MITRE ATT&CK framework
• C. The Diamond Model of Intrusion Analysis
• D. The Cyber Kill Chain

Correct answer: B

Explanation

The MITRE ATT&CK framework is specifically designed to catalog and detail the tactics, techniques, and procedures of threat actors, making it the best choice for the analyst's review. While the other options provide valuable information, they do not offer the same level of detailed mapping of threat actor behaviors and methodologies as the MITRE ATT&CK framework.