You are a penetration tester engaged to identify potential threats and vulnerabilities within an organization's network. During the planning and scoping phase, you intend to leverage an industry-standard framework to map out the tactics, techniques, and procedures (TTPs) that attackers are likely to use against your client's industry. Which framework is most suitable for this purpose?
PCI DSS
General Data Protection Regulation (GDPR)
Information Systems Security Assessment Framework (ISSAF)
The correct answer is the MITRE ATT&CK framework, as it provides a comprehensive matrix of known attacker tactics, techniques, and procedures (TTPs) based on real-world observations. This makes it an ideal tool for penetration testers to understand and predict attacker behavior in a specific industry. Utilizing this framework during the planning and scoping phase can help in forming a testing strategy that is both thorough and relevant to the client's threat landscape. The other options, although related to cybersecurity, do not offer the same level of detail or applicability for mapping out adversary behaviors.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the MITRE ATT&CK framework?
Open an interactive chat with Bash
What are TTPs in the context of cybersecurity?
Open an interactive chat with Bash
How does using a framework like MITRE ATT&CK improve penetration testing?