Week 7 Q's

Question 1

What is the primary purpose of the MITRE ATT&CK framework?

a. To identify potential vulnerabilities in software and hardware
b. To map tactics and techniques used by threat actors in cyber attacks
c. To create a standardized methodology for threat hunting
d. To provide a framework for secure software development

Answer 1

B

Question 2

What is the difference between the MITRE ATT&CK framework and a threat intelligence platform?

a. A threat intelligence platform provides real-time threat data, while the MITRE ATT&CK framework is a static framework.
b. The MITRE ATT&CK framework provides detailed information on attack techniques, while a threat intelligence platform focuses on threat actors and their motivations.
c. The MITRE ATT&CK framework is designed for use by security analysts, while a threat intelligence platform is designed for use by executives and management.
d. There is no difference; the terms are interchangeable.

Answer 2

B

Question 3

Which of the following best describes the “mitigation” phase in the MITRE ATT&CK framework?

a. Identifying and blocking potential attack vectors
b. Investigating and analyzing security incidents
c. Detecting and containing attacks in progress
d. Responding to and recovering from successful attacks

Answer 3

A

Question 4

What is the purpose of the “information gathering” phase in the MITRE ATT&CK framework?

a. To identify potential targets for an attack
b. To gather intelligence on an organization’s security posture
c. To identify potential vulnerabilities in a target system
d. To gather information about the target’s physical location

Answer 4

B

Question 5

Which of the following is a technique used in the “credential access” phase of the MITRE ATT&CK framework?

a. Brute force password cracking
b. SQL injection attacks
c. Social engineering attacks
d. Cross-site scripting (XSS) attacks

Answer 5

A

Question 6

Which of the following is a tactic used in the “command and control” phase of the MITRE ATT&CK framework?

a. Reconnaissance
b. Lateral movement
c. Execution
d. Communication

Answer 6

D

Question 7

What is the purpose of the “persistence” phase in the MITRE ATT&CK framework?

a. To establish a foothold in a target system
b. To escalate privileges on a target system
c. To evade detection by security tools
d. To exfiltrate data from a target system

Answer 7

A

Question 8

Which of the following is a technique used in the “exfiltration” phase of the MITRE ATT&CK framework?

a. Remote access Trojan (RAT)
b. Denial of Service (DoS) attacks
c. Distributed Denial of Service (DDoS) attacks
d. Man-in-the-middle (MITM) attacks

Answer 8

A

Question 9

Which of the following best describes the “impact” phase in the MITRE ATT&CK framework?

a. The phase where the attacker attempts to cover their tracks and erase evidence of their activity
b. The phase where the attacker causes damage to the target system or organization
c. The phase where the attacker attempts to evade detection by security tools
d. The phase where the attacker establishes a persistent presence in the target system

Answer 9

B

Question 10

Which of the following is a tactic used in the “defense evasion” phase of the MITRE ATT&CK framework?

a. Data obfuscation
b. Remote code execution
c. Network reconnaissance
d. Privilege escalation

Answer 10

A

Question 11

What is the purpose of the “execution” phase in the MITRE ATT&CK framework?

a. To establish a foothold in a target system
b. To execute malware or other malicious code on a target system
c. To move laterally within a target environment
d. To exfiltrate data from a target system

Answer 11

B

Question 12

Which of the following is a technique used in the “lateral movement” phase of the MITRE ATT&CK framework?

a. Remote access Trojan (RAT)
b. Phishing attacks
c. Port scanning
d. Pass-the-hash attacks

Answer 12

D

Question 13

Which of the following is a tactic used in the “reconnaissance” phase of the MITRE ATT&CK framework?

a. Exploitation
b. Privilege escalation
c. Data exfiltration
d. Active scanning

Answer 13

D

Question 14

Which of the following is a technique used in the “collection” phase of the MITRE ATT&CK framework?

a. Keylogging
b. Cross-site scripting (XSS) attacks
c. Port scanning
d. SQL injection attacks

Answer 14

A

Question 15

Which of the following is a tactic used in the “initial access” phase of the MITRE ATT&CK framework?

a. Exploitation
b. Lateral movement
c. Execution
d. Persistence

Answer 15

A

Question 16

What is the purpose of the “impact” phase in the MITRE ATT&CK framework?

a. To establish a foothold in a target system
b. To cause damage to the target system or organization
c. To evade detection by security tools
d. To exfiltrate data from the target system

Answer 16

B

Question 17

Which of the following is a technique used in the “privilege escalation” phase of the MITREATT&CK framework?

a. Pass-the-hash attacks
b. SQL injection attacks
c. Distributed Denial of Service (DDoS) attacks
d. Cross-site scripting (XSS) attacks

Answer 17

A

Question 18

What is the purpose of the “exfiltration” phase in the MITRE ATT&CK framework?

a. To establish a foothold in a target system
b. To cause damage to the target system or organization
c. To evade detection by security tools
d. To steal data from the target system

Answer 18

D

Question 19

Which of the following is a tactic used in the “defense evasion” phase of the MITRE ATT&CK framework?

a. Exploitation
b. Data obfuscation
c. Credential access
d. Collection

Answer 19

B

Question 20

What is the purpose of the “discovery” phase in the MITRE ATT&CK framework?

a. To identify potential targets for an attack
b. To gather intelligence on an organization’s security posture
c. To identify potential vulnerabilities in a target system
d. To gather information about the target’s physical location

Answer 20

C