4_2_3 Section 4 – Operations and Incident Response - 4.2 – Incident Response - Attack Frameworks

Questions and Answers

What is the primary challenge in protecting a network from attacks?

• Responding to an attack after it occurs
• Keeping track of the numerous methods used by attackers (correct)
• Mitigating the risk of an attack
• Identifying the exact type of attack

What is the main purpose of the MITRE ATT&CK framework?

• To provide a comprehensive view of network attacks (correct)
• To support US governmental agencies
• To categorize attacks into broad categories
• To identify security techniques to block future attacks

Where can you access the MITRE ATT&CK framework?

• us.gov/agencies
• mitre.org
• attack.mitre.org (correct)
• itsecurity.com

What is the location of the MITRE corporation?

Northeast United States (A)

What is the primary benefit of using the MITRE ATT&CK framework?

Identifying security techniques to block future attacks (B)

Who does the MITRE corporation primarily support?

US governmental agencies (D)

What is the primary goal of filling in documentation at each point of an intrusion?

To understand the attack and prevent future occurrences (B)

Which phase of the cyber kill chain involves gathering intel on the target?

Reconnaissance (D)

What is the purpose of the installation phase in the cyber kill chain?

To create back doors and additional channels (D)

What is the last phase of the cyber kill chain?

Actions on objectives (D)

What is the primary purpose of the cyber kill chain model?

To understand the results of an attack (D)

Which of the following is NOT a phase of the cyber kill chain?

Exploitation (A)

What is the primary focus of the reconnaissance process in the context of security?

Scanning IP blocks or performing vulnerability scans (D)

What is the main goal of the Diamond Model of intrusion analysis?

To analyze the intrusions that have occurred in an environment (B)

What is an example of a capability in the context of the Diamond Model?

Malware or a hacker tool used to exploit a system (B)

What is the purpose of the detection techniques and references provided in the framework?

To detect specific types of attacks and understand how to mitigate them (A)

What is credential stuffing in the context of a brute force attack?

A way of using stolen credentials to gain access to a system (B)

What is the main benefit of using the framework described in the text?

It offers a wealth of information on different types of attacks and how to prevent them (C)

What is the relationship between the adversary and the infrastructure in the Diamond Model?

The adversary uses the infrastructure to gain access (D)

What is the purpose of the mitigation strategies provided in the framework?

To help users develop strategies for preventing specific types of attacks (C)

What is the main difference between reconnaissance and a brute force attack?

Reconnaissance is a pre-compromise mitigation process, while a brute force attack is a type of attack (D)

What is the main benefit of using the Diamond Model of intrusion analysis?

It helps users understand the intrusions that have occurred in an environment (D)