CompTIA Security+ (SY0-601) — Question 562

A security analyst is looking for a way to categorize and share a threat actor's TTPs with colleagues at a partner organization. Which of the following would be the best method to achieve this goal?

Answer options

• A. Releasing the lessons-learned report
• B. Using the MITRE ATT&CK framework
• C. Sharing the CVE IDs used in attacks
• D. Sending relevant log files and pcaps

Correct answer: B

Explanation

The MITRE ATT&CK framework is specifically designed for categorizing and sharing tactics, techniques, and procedures (TTPs) used by threat actors, making it the best choice. The other options, while useful for different purposes, do not provide a structured way to classify and share TTPs effectively.