
Foundations of Operationalizing MITRE ATT&CK Exam Answers – AttackIQ Academy


Enroll Here: Foundations of Operationalizing MITRE ATT&CK Exam Answers – AttackIQ Academy

Threat Groups Lab Quiz Answers

Question 1: APT29 is a threat group attributed to the Chinese Government.

  1. True
  2. False

Question 2: APT29 is known by all of the following names except:

  1. YTTRIUM
  2. The Dukes
  3. Cozy Bear
  4. CozyDuke
  5. DancingBear

Mapping Organizational Intel Quiz Answers

Question 1: Which of the following is the final suggestion given by MITRE for mapping organizational intelligence data to ATT&CK?

  1. Research the behavior
  2. Translate the behavior into a tactic
  3. Figure out which technique applies to the behavior
  4. Compare your results

Purple Teaming with MITRE ATT&CK Quick Quiz Answers

Question 1: Utilizing MITRE ATT&CK with Purple teaming may cost more in the additional headcount, but is well worth it.

  1. True
  2. False

Foundations of Operationalizing MITRE ATT&CK Final Exam Answers

Question 1: MITRE created all of the following with the exception of what?

  1. CVEs
  2. APTs
  3. CAR
  4. ATT&CK

Question 2: How can previous incident reports provide intelligence data when operationalizing MITRE ATT&CK?

  1. By providing an analytical model for the blue team
  2. By providing a scope of work during purple teaming exercises
  3. By mapping the behaviors to tactics and techniques.
  4. By providing the red team with a template

Question 3: This ATT&CK Tactic uses various entry vectors to gain a foothold

  1. Spearphishing Attachment
  2. Persistence
  3. Initial Access
  4. Credential Access

Question 4: How does MITRE define adversary emulation?

  1. A type of red team engagement that mimics an unknown threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses.
  2. A type of red team engagement that mimics a known threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses.
  3. A type of blue team engagement that mimics a known threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses.
  4. A type of blue team engagement that mimics an unknown threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses.

Question 5: This is a knowledge base of analytics developed by MITRE.

  1. ATT&CK
  2. CAR
  3. CVE
  4. CTID

Question 6: MITRE suggests all of the following as sources of data collection except for what?

  1. Incident Response Reports
  2. Authentication logs collected from the domain controller
  3. File and registry monitoring
  4. Process and process command line monitoring

Question 7: One of the best ways to truly test and build upon a threat informed defense is to:

  1. Subscribe to a commercial threat feed
  2. Provide red team reports to the SOC
  3. Enable collaboration between red and blue teams through a purple team.
  4. Utilize STIX/TAXII

Question 8: How can CAR assist you in creating test plans?

  1. Providing threat intelligence
  2. Providing a hypothesis
  3. Providing machine learning
  4. Providing unit tests

Question 9: Where can you find a listing of all advanced threat groups that MITRE has tracked?

  1. CVE Database
  2. Red Canary
  3. CARS
  4. ATT&CK Threat Groups Page

Question 10: These are how adversary technical goals are achieved.

  1. Tactics
  2. Tools
  3. Techniques
  4. Procedures

Question 11: These are specific implementations of how the adversary’s technical goals are achieved.

  1. Techniques
  2. Procedures
  3. Tools
  4. Tactics

Question 12: The three elements of a threat informed defense include (choose all three):

  1. Using MITRE CRITS as an intelligence tool
  2. Defensive engagement of the threat
  3. Focused sharing and collaboration
  4. Cyber threat intelligence analysis

Question 13: This ATT&CK Tactic results in adversary-controlled code running on a local or remote system.

  1. Privilege Escalation
  2. Execution
  3. Lateral Movement
  4. Initial Access

Question 14: Groups like MITRE’s Center for Threat Informed Defense, or CTID, bring together security teams for multiple organizations to participate in which element of a threat informed defense?

  1. Focused Sharing and Collaboration
  2. Cyber Threat Intelligence Analysis
  3. Breach & Attack Simulation Exercises
  4. Defensive Engagement of The Threat

Question 15: Which element of a threat informed defense allows you to look for indicators of a pending, active, or successful cyber attack?

  1. Focused Sharing and Collaboration
  2. Cyber Threat Intelligence Analysis
  3. MITRE CRITs
  4. Defensive Engagement of The Threat

Question 16: This tool provides basic navigation and annotation of the ATT&CK matrix.

  1. ATT&CK Navigator
  2. CARS
  3. CTID
  4. Caldera

Question 17: In terms of a threat informed defense, which element examines TTPs, malware hashes, or domain names?

  1. Defensive Engagement of The Threat
  2. Focused Sharing and Collaboration
  3. Cyber Threat Intelligence Analysis
  4. Incident Response & Intelligence Gathering

Question 18: Techniques can span across multiple tactics in the MITRE ATT&CK Framework.

  1. False
  2. True

Question 19: Adversaries' technical goals are

  1. Procedures
  2. Tactics
  3. Tools
  4. Techniques
