CompTIA Security+ (SY0-701) — Question 240

A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?

Answer options

Correct answer: A

Explanation

The MITRE ATT&CK framework is specifically designed to provide detailed insights into adversary behavior and tactics. A CSIRT focuses on incident response, CVSS is a scoring system for vulnerabilities, and SOAR deals with automating security operations, so none of them is as suitable for the task of hardening systems against adversaries.