Saturday , July 27 2024
Breaking News

Foundations of Operationalizing MITRE ATT&CK Exam Answers – AttackIQ Academy

Clear My Certification April 19, 2022 Certification, Featured Leave a comment 2,814 Views

Enroll Here: Foundations of Operationalizing MITRE ATT&CK Exam Answers – AttackIQ Academy

Threat Groups Lab Quiz Answers

Question 1: APT29 is a threat group attributed to the Chinese Government.

  • True
  • False

Question 2: APT29 is known by all of the following names except:

  • YTTRIUM
  • The Dukes
  • Cozy Bear
  • CozyDuke
  • DancingBear

Mapping Organizational Intel Quiz Answers

Question 1: Which is of the following is the final suggestion given by MITRE for mapping organizational intelligence data to ATT&CK?

  • Research the behavior
  • Translate the behavior into a tactic
  • Figure out which technique applies to the behavior
  • Compare your results

Purple Teaming with MITRE ATT&CK Quick Quiz Answers

Question 1: Utilizing MITRE ATT&CK with Purple teaming may cost more in the additional headcount, but is well worth it.

  • True
  • False

Foundations of Operationalizing MITRE ATT&CK Final Exam Answers

Question 1: MITRE created all of the following with the exception of what?

  • CVEs
  • APTs
  • CAR
  • ATT&CK

Question 2: How can previous incident reports provide intelligence data when operationalizing MITRE ATT&CK?

  • By providing an analytical model for the blue team
  • By providing a scope of work during purple teaming exercises
  • By mapping the behaviors to tactics and techniques.
  • By providing the red team with a template

Question 3: This ATT&CK Tactic uses various entry vectors to gain a foothold

  • Spearphishing Attachment
  • Persistence
  • Initial Access
  • Credential Access

Question 4: How does MITRE define adversary emulation?

  • A type of red team engagement that mimics an unknown threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses.
  • A type of red team engagement that mimics a known threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses.
  • A type of blue team engagement that mimics a known threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses.
  • A type of blue team engagement that mimics an uknown threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses.

Question 5: This is a knowledge base of analytics developed by MITRE.

  • ATT&CK
  • CAR
  • CVE
  • CTID

Question 6: MITRE suggests all of the following as sources of data collection except for what?

  • Incident Response Reports
  • Authentication logs collected from the domain controller
  • File and registry monitoring
  • Process and process command line monitoring

Question 7: One of the best ways to truly test and build upon a threat informed defense is to:

  • Subscribe to a commercial threat feed
  • Provide red team reports to the SOC
  • Enable collaboration between red and blue teams through a purple team.
  • Utilze STIX/TAXII

Question 8: How can CAR assist you in creating test plans?

  • Providing threat intelligence
  • Providing a hypothesis
  • Providing machine learning
  • Providing unit tests

Question 9: Where can you find a listing of all advanced threat groups that MITRE has tracked?

  • CVE Database
  • Red Canary
  • CARS
  • ATT&CK Threat Groups Page

Question 10: These are how adversary technical goals are achieved.

  • Tactics
  • Tools
  • Techniques
  • Procedures

Question 11: These are specific implementations of how the adversary’s technical goals are achieved.

  • Techniques
  • Procedures
  • Tools
  • Tactics

Question 12: The three elements of a threat informed defense include (choose all three):

  • Using MITRE CRITS as an intelligence tool
  • Defensive engagement of the threat
  • Focused sharing and collaboration
  • Cyber threat intelligence analysis

Question 13: This ATT&CK Tactic results in adversary-controlled code running on a local or remote system.

  • Privilege Escalation
  • Execution
  • Lateral Movement
  • Initial Access

Question 14: Groups like MITRE’s Center for Threat Informed Defense, or CTID, bring together security teams for multiple organizations to participate in which element of a threat informed defense?

  • Focused Sharing and Collaboration
  • Cyber Threat Intelligence Analysis
  • Breach & Attack Simulation Exercises
  • Defensive Engagement of The Threat

Question 15: Which element of a threat informed defense allows you to look for indicators of a pending, active, or successful cyber attack?

  • Focused Sharing and Collaboration
  • Cyber Threat Intelligence Analysis
  • MITRE CRITs
  • Defensive Engagement of The Threat

Question 16: This tool provides basic navigation and annotation of the ATT&CK matrix.

  • ATT&CK Navigator
  • CARS
  • CTID
  • Caldera

Question 17: In terms of a threat informed defense, which element examines TTPs, malware hashes, or domain names?

  • Defensive Engagement of The Threat
  • Focused Sharing and Collaboration
  • Cyber Threat Intelligence Analysis
  • Incident Response & Intelligence Gathering

Question 18: Techniques can span across multiple tactics in the MITRE ATT&CK Framework.

  • False
  • True

Question 19: Adversaries technical goals are

  • Procedures
  • Tactics
  • Tools
  • Techniques

About Clear My Certification

Check Also

Infosys Springboard Fundamentals of Information Security Answers

Apply for Fundamentals of Information Security Here Q1 of 15 How many keys are required …

Leave a Reply

Your email address will not be published. Required fields are marked *

© Copyright 2024, Priya Dogra - All Rights Reserved