What best describes Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)?

• A. A model and framework for describing the actions an adversary may take while operating within an enterprise network
• B. A set of detector signatures for intrusion prevention
• C. A method for creating hardware backdoors
• D. A taxonomy of network protocols used in social engineering

Answer: (A)

ATT&CK is a knowledge base and framework that catalogs adversary behavior in enterprise environments. It explicitly describes tactics (high-level goals) and techniques (the concrete methods) that attackers may use across the full attack lifecycle, from initial access to impact. This helps security teams model what attackers do, map detections and defenses to those actions, and assess coverage through threat hunting and incident response.

It’s not a set of detector signatures, nor a method for creating hardware backdoors, nor a taxonomy of network protocols for social engineering. Those aspects describe specific artifacts or techniques in narrow domains, whereas ATT&CK provides a broad, structured description of adversary actions and how they progress inside a network.