Certified Threat Intelligence Analyst (CTIA) — Question 39
A team of threat intelligence analysts is performing threat analysis on malware, and each of them has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic processes must threat intelligence manager use?
Answer options
- A. Threat modelling
- B. Application decomposition and analysis (ADA)
- C. Analysis of competing hypotheses (ACH)
- D. Automated technical analysis
Correct answer: C
Explanation
The correct answer is C, Analysis of competing hypotheses (ACH), as it is specifically designed to evaluate multiple theories by comparing evidence to identify the most plausible one. The other options, while useful in different contexts, do not focus on evaluating competing hypotheses in the same manner as ACH does.