ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 191 discussion

Actual exam question from CompTIA's PT0-002
Question #: 191
Topic #: 1
[All PT0-002 Questions]

A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?

  • A. OWASP Top 10
  • B. MITRE ATT&CK framework
  • C. NIST Cybersecurity Framework
  • D. The Diamond Model of Intrusion Analysis
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by cy_analyst at March 5, 2023, 5:56 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nickwen007
Highly Voted 2 years, 3 months ago
TTPs stands for Tactics, Techniques, and Procedures. This framework is used to document the individual steps that an attacker takes in order to carry out a malicious attack on a target system. The TTPs framework provides a comprehensive view of the attack, as it tracks all of the methods used by the attacker throughout the attack lifecycle in order to identify any weaknesses or gaps in the security of the system.
upvoted 7 times
...
longbob
Most Recent 11 months, 1 week ago
Selected Answer: B
MITRE ATTACK and FRAMEWORKS use the TTP
upvoted 1 times
...
Rezaee
1 year, 3 months ago
Selected Answer: B
B. MITRE ATT&CK framework
upvoted 1 times
...
cy_analyst
2 years, 3 months ago
Selected Answer: B
The methodology that would BEST meet the client's expectations for a penetration test that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks is the MITRE ATT&CK framework. In contrast, the OWASP Top 10 focuses specifically on web application security, while the NIST Cybersecurity Framework provides high-level guidance for improving overall cybersecurity posture. The Diamond Model of Intrusion Analysis is a methodology for analyzing and understanding cyber threats and is not specifically designed for penetration testing.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel