CompTIA Security+ (SY0-601) — Question 408

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process. Which of the following is the analyst most likely participating in?

Answer options

• A. MITRE ATT&CK
• B. Walk-through
• C. Red team
• D. Purple team
• E. TAXII

Correct answer: A

Explanation

The correct answer is A, MITRE ATT&CK, as it is specifically designed to analyze and categorize threat actors based on real-world techniques and tactics, which aids in improving incident response. The other options, such as Walk-through, Red team, and Purple team, refer to different aspects of security assessments and training rather than the analysis of threat actors.