🔥 3-day streak
CompTIA CySA+ (CS0-003)2 / 147
Question 2 of 147
A CySA+ analyst is asked to build a repeatable methodology for classifying observed adversary behaviors during an active intrusion. The goal is to map each discrete action an attacker takes on a compromised host—such as dumping credentials, creating scheduled tasks, and disabling logging—to a standardized catalog of techniques and sub-techniques, so detection engineers can later measure coverage gaps. Which attack methodology framework is the MOST appropriate choice for this specific purpose?
Reviewed for accuracy · Report an issueNext question