A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process. Which of the following is the analyst most likely participating in?
MITRE ATT&CK is a framework; you cannot participate in a framework. You can follow a framework, you can work by a framework's guidelines, but you cannot participate in a framework.
I chose D because it makes the most sense when you read and understand the question.
A purple team is a group of cyber security professionals who simulate malicious attacks and penetration testing in order to identify security vulnerabilities and recommend remediation strategies for an organization’s IT infrastructure. The term is derived from the color purple, which symbolizes the combination of both red and blue teams.
Unlike traditional red team/blue teams, which are usually separate entities, the purple team works in close coordination, sharing information and insights in order to address acute weaknesses and improve the organization’s overall security posture.
MITRE ATT&CK is a knowledge base that describes the actions and techniques used by threat actors during different stages of the cyberattack lifecycle. It is widely used in cybersecurity for threat intelligence, incident response, and identifying and categorizing the tactics, techniques, and procedures (TTPs) of real-world threat actors.
In the given scenario, the analyst is likely participating in the process of analyzing and categorizing threat actors based on real-world events using the MITRE ATT&CK framework. This analysis helps improve the incident response team's understanding of various threat actors' behaviors and tactics, which, in turn, assists in enhancing the incident response process and overall cybersecurity posture.
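The comment above describes the analyst's activity as categorizing real-world threat-actor behaviour against ATT&CK tactics and techniques. The following script is an added example written for this thread; it is not code from the page, from MITRE, or from any commenter. The incident records and the actor names are constructed, the keyword rules are an assumption about how the records are worded, and the ATT&CK Navigator layer field names (`domain`, `techniques`, `techniqueID`, `score`) are assumed from the Navigator layer format. The technique and tactic IDs are real Enterprise ATT&CK identifiers.

```python
"""Map observations from (constructed) incident records onto MITRE ATT&CK
techniques, build a per-actor technique profile grouped by tactic, and
compare actors by technique overlap. Added example for this thread, not
code from the page or from MITRE."""
from collections import defaultdict

# Hand-curated slice of the ATT&CK Enterprise matrix (real IDs and names).
TECHNIQUES = {
    "T1566": ("Phishing", "TA0001", "Initial Access"),
    "T1078": ("Valid Accounts", "TA0001", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "TA0002", "Execution"),
    "T1003": ("OS Credential Dumping", "TA0006", "Credential Access"),
    "T1021": ("Remote Services", "TA0008", "Lateral Movement"),
    "T1071": ("Application Layer Protocol", "TA0011", "Command and Control"),
    "T1486": ("Data Encrypted for Impact", "TA0040", "Impact"),
}

# Keyword rules translating free-text observations into technique IDs.
# Assumption: the wording used in the constructed records below; real
# incident reports need richer rules or analyst review.
RULES = [
    (("phish", "malicious attachment"), "T1566"),
    (("stolen credential", "valid account"), "T1078"),
    (("powershell", "cmd.exe", "bash -c"), "T1059"),
    (("lsass", "mimikatz", "credential dump"), "T1003"),
    (("rdp", "smb", "psexec"), "T1021"),
    (("https beacon", "dns tunnel", "c2 over http"), "T1071"),
    (("ransom", "encrypted files"), "T1486"),
]

# Constructed incident records: (actor, observation). Not real cases.
INCIDENTS = [
    ("ActorA", "User opened a phishing email with malicious attachment"),
    ("ActorA", "PowerShell launched from WINWORD.EXE"),
    ("ActorA", "Mimikatz dumped LSASS memory"),
    ("ActorA", "Lateral movement via RDP to file server"),
    ("ActorA", "Files encrypted, ransom note dropped"),
    ("ActorB", "Login with stolen credentials from a VPN IP"),
    ("ActorB", "cmd.exe spawned by web shell"),
    ("ActorB", "Periodic HTTPS beacon to a rare domain"),
    ("ActorB", "PsExec used to reach domain controller"),
]


def categorize(observation):
    """Return the set of technique IDs whose keywords occur in the observation."""
    text = observation.lower()
    return {tid for keywords, tid in RULES if any(k in text for k in keywords)}


def actor_profiles(incidents):
    """Aggregate techniques per actor: {actor: {technique_id, ...}}."""
    profiles = defaultdict(set)
    for actor, observation in incidents:
        profiles[actor] |= categorize(observation)
    return dict(profiles)


def tactic_coverage(techniques):
    """Group a technique set by ATT&CK tactic name: {tactic: [technique_ids]}."""
    by_tactic = defaultdict(list)
    for tid in sorted(techniques):
        _, _, tactic = TECHNIQUES[tid]
        by_tactic[tactic].append(tid)
    return dict(by_tactic)


def overlap(a, b):
    """Jaccard similarity of two technique sets, for comparing actors."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def navigator_layer(name, techniques):
    """Minimal ATT&CK Navigator layer (field names assumed from the layer format)."""
    return {
        "name": name,
        "domain": "enterprise-attack",
        "techniques": [{"techniqueID": t, "score": 1} for t in sorted(techniques)],
    }


if __name__ == "__main__":
    profiles = actor_profiles(INCIDENTS)
    for actor, techs in profiles.items():
        print(actor, tactic_coverage(techs))
    print("ActorA/ActorB overlap:", round(overlap(profiles["ActorA"], profiles["ActorB"]), 2))
```

Keyword matching is deliberately simple; the point is the output shape: each actor ends up as a set of technique IDs bucketed by tactic, which is what an incident-response team can diff against its own detections or load into Navigator to see which columns of the matrix it does not cover.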
People who are saying the answer is D are taking the word "participating" way too literally. The question is saying "analyze and categorize threat actors of real-world events"; that is in the past tense, attacks that have happened and been documented. If it was a purple team, they would be running a simulation on the network they are being instructed to pentest and defend, then log their results.
*CORRECT ANSWER* is A
- Options C & D are incorrect because Red and purple teams engage in simulated attacks, the question didn't mention any simulations.
- Option E is irrelevant. TAXII (Trusted Automated Exchange of Intelligence Information) is a protocol used to exchange cyber threat intelligence securely over HTTPS.
- Option B is incorrect. A walk-through focuses on validating procedures and identifying any gaps or weaknesses in our security posture. In our scenario, we're shifting our focus from our systems to analyzing threat actors, categorizing them based on their tactics, techniques, and procedures (TTPs).
D. Purple Team
Purple team exercises involve collaboration between the red team (which simulates attackers) and the blue team (which represents the organization's defenders). The goal is to improve the organization's security posture by evaluating and refining the incident response process through simulated attacks and real-world threat analysis. This process often involves analyzing and categorizing threat actors and their tactics, techniques, and procedures (TTPs) to enhance defense strategies.
MITRE ATT&CK - 'analyze and categorizes threat actors of real-world events' i.e. using the framework to categorize. Shocked so many are choosing purple team. A purple team combines aspects of both the red and the blue teams. Often, this involves increasing the collaboration and feedback between the offensive and defensive teams to better guide the engagement and ensure that the TEST comprehensively evaluates the target organization's security.
According to CrowdStrike (https://www.crowdstrike.com/cybersecurity-101/purple-teaming/), D does not do what a purple team does. However, THE PEOPLE (analysts) that work for MITRE ATT&CK do this exact function.
It's D.
Here's why:
"A" is a framework; you don't participate in frameworks, the same way you don't participate in ISO, PCI DSS, COBIT, or NIST, so the only possible answer is D, purple team, as it's blue + red teaming. You can participate in one of those teams, not in frameworks.
It is AD
Here's why:
The analyst is participating "IN" an evaluation process that analyzes and categorizes threat actors of real-world events. That is what MITRE ATT&CK involves, such activities.
Community vote distribution: A (35%), C (25%), B (20%), Other.
Comment authors and posting times, in page order: predsednik (Highly Voted, 1 year, 11 months ago); DrCo6991 (1 year, 7 months ago); ApplebeesWaiter1122 (Highly Voted, 2 years ago); JasonMunoz (Most Recent, 1 year ago); Gigi42 (1 year, 2 months ago); AbdullahMohammad251 (1 year, 3 months ago); c56e966 (1 year, 3 months ago); shady23 (1 year, 3 months ago); shady23 (1 year, 3 months ago); Mick84 (1 year, 6 months ago); DrCo6991 (1 year, 7 months ago); Malkhofash (1 year, 7 months ago); ganymede (1 year, 7 months ago); rag4 (1 year, 8 months ago); chimz2002 (1 year, 8 months ago); mikeelnite (1 year, 9 months ago); MortG7 (1 year, 6 months ago); MortG7 (1 year, 6 months ago); JT4 (1 year, 9 months ago); DashRyde (1 year, 10 months ago).