MITRE ATT&CK Framework Overview

Questions and Answers

What is the purpose of Persistence in a cyberattack?

Ensuring ongoing access to compromised assets (correct)

Deleting all data from compromised assets

Preventing access to compromised assets

Disabling the compromised assets

Which of the following is NOT a stage in the Cyber Kill Chain according to the text?

Analysis (correct)

Goals

Tactics

Techniques

What is a recommended method to control software execution as mentioned in the text?

Allow any software to run without restrictions

Install all available software for flexibility

Use application whitelisting to permit only authorized software (correct)

Enable only internet-based software to run

What is the main goal of an attacker during an attack according to the text?

Steal sensitive documents and data

What is recommended to ensure the highest level of data security as mentioned in the text?

Provide least privileged access to sensitive data

What is the primary purpose of the ATT&CK framework developed by MITRE?

To provide a comprehensive taxonomy of attacker tactics and techniques

According to the passage, how can an attacker obtain a user's accidentally typed passwords?

By reading the user's .bash_history file

What is the primary reason why small or non-sensitive organizations may still be targeted by attackers?

They can be used as a stepping stone to attack larger targets

What type of security measure is the ATT&CK framework designed to help defend against?

Application whitelisting

What is the primary goal of the least privilege concept in cybersecurity?

To prevent unauthorized access to sensitive systems and data

Which stage of the Cyber Kill Chain is associated with an attacker maintaining access to a compromised system?

Persistence

What is the primary purpose of application whitelisting in cybersecurity?

To block all unauthorized applications from running

Which of the following is an example of a zero trust security principle?

Requiring multi-factor authentication for sensitive operations

What is a common goal of cyberattacks that involve data exfiltration?

To harvest sensitive data for malicious purposes

Which of the following is the MOST accurate description of an 'insider threat' as discussed in the text?

An employee who has been granted special or privileged access to data and can now cause harm maliciously or unintentionally.

What is the primary goal of an 'insider threat' as described in the text?

To disrupt the reliability and security of the system.

Which of the following is the BEST way to mitigate the risks posed by an 'insider threat' as described in the text?

Provide the third-party developer with the minimum necessary access privileges to perform their tasks.

Which of the following is an example of an 'extended insider' as described in the text?

A trusted third-party vendor who has been granted privileged access to the organization's data and systems.

What is the MAIN implication of the blurred lines between 'workplace' and 'home' as discussed in the text?

Insider threats are more difficult to detect and mitigate when the 'workplace' extends beyond the traditional office environment.