
Exam SY0-601 topic 1 question 299 discussion

Actual exam question from CompTIA's SY0-601
Question #: 299
Topic #: 1

A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?

  • A. Security research publications
  • B. The MITRE ATT&CK framework
  • C. The Diamond Model of Intrusion Analysis
  • D. The Cyber Kill Chain
Suggested Answer: B

Comments

FMMIR
Highly Voted 2 years, 5 months ago
Selected Answer: B
The MITRE ATT&CK Framework was created by MITRE in 2013 to document attacker tactics and techniques based on real-world observations. This index continues to evolve with the threat landscape and has become a renowned knowledge base for the industry to understand attacker models, methodologies, and mitigation.
upvoted 13 times
ApplebeesWaiter1122
Most Recent 1 year, 10 months ago
Selected Answer: B
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a widely recognized and comprehensive knowledge base of adversary tactics and techniques. It provides detailed information about specific techniques used by threat actors, including their behavior, tools, and procedures. By referring to the MITRE ATT&CK framework, the security analyst can gain insights into the tactics, techniques, and protocols employed by the threat actor in previous campaigns. The framework categorizes adversary behavior and provides information on their motivations, objectives, and typical attack patterns.
upvoted 3 times
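The comments above describe ATT&CK as a knowledge base the analyst "refers to"; in practice that lookup is done against the STIX 2.1 bundle MITRE publishes (enterprise-attack.json), where groups are intrusion-set objects, techniques are attack-pattern objects, and "uses" relationship objects tie them together. The following is an added example, not code from the thread or from MITRE: it embeds a small constructed bundle in that shape (the group "Example Group", its alias, the UUIDs and the relationships are invented for illustration; the technique IDs and names are ATT&CK's own) and resolves the techniques and tactics a named group has been observed using, skipping objects the bundle marks revoked or deprecated, which a real bundle contains and a naive query would otherwise report as current.

```python
import json
from collections import defaultdict

# Constructed, abbreviated STIX 2.1 bundle in the shape of MITRE's
# enterprise-attack.json. Group name, alias, UUIDs and relationships are
# illustrative; T1566, T1059, T1071 are real technique IDs, and T1064
# "Scripting" is a real technique that ATT&CK has revoked in favour of T1059.
ATTACK_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "intrusion-set",
         "id": "intrusion-set--00000000-0000-4000-8000-0000000000a1",
         "name": "Example Group", "aliases": ["Example Group", "EXAMPLE-1"]},
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-4000-8000-0000000000b1",
         "name": "Phishing",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566",
                                  "url": "https://attack.mitre.org/techniques/T1566"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-4000-8000-0000000000b2",
         "name": "Command and Scripting Interpreter",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059",
                                  "url": "https://attack.mitre.org/techniques/T1059"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-4000-8000-0000000000b3",
         "name": "Application Layer Protocol",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1071",
                                  "url": "https://attack.mitre.org/techniques/T1071"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "command-and-control"}]},
        {"type": "attack-pattern",
         "id": "attack-pattern--00000000-0000-4000-8000-0000000000b4",
         "name": "Scripting", "revoked": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1064",
                                  "url": "https://attack.mitre.org/techniques/T1064"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
        # "uses" relationships: group -> technique (the last one points at the revoked technique)
        {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-0000000000c1",
         "relationship_type": "uses",
         "source_ref": "intrusion-set--00000000-0000-4000-8000-0000000000a1",
         "target_ref": "attack-pattern--00000000-0000-4000-8000-0000000000b1"},
        {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-0000000000c2",
         "relationship_type": "uses",
         "source_ref": "intrusion-set--00000000-0000-4000-8000-0000000000a1",
         "target_ref": "attack-pattern--00000000-0000-4000-8000-0000000000b2"},
        {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-0000000000c3",
         "relationship_type": "uses",
         "source_ref": "intrusion-set--00000000-0000-4000-8000-0000000000a1",
         "target_ref": "attack-pattern--00000000-0000-4000-8000-0000000000b3"},
        {"type": "relationship", "id": "relationship--00000000-0000-4000-8000-0000000000c4",
         "relationship_type": "uses",
         "source_ref": "intrusion-set--00000000-0000-4000-8000-0000000000a1",
         "target_ref": "attack-pattern--00000000-0000-4000-8000-0000000000b4"},
    ],
})


def load_bundle(text):
    """Index every STIX object in the bundle by its id."""
    return {obj["id"]: obj for obj in json.loads(text)["objects"]}


def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1566) from the object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def find_group(objects, name):
    """Match an intrusion-set by name or alias, case-insensitively, ignoring revoked ones."""
    wanted = name.lower()
    for obj in objects.values():
        if obj["type"] != "intrusion-set" or obj.get("revoked"):
            continue
        names = [obj["name"]] + obj.get("aliases", [])
        if wanted in (n.lower() for n in names):
            return obj
    return None


def techniques_used_by(objects, group_name):
    """List (attack_id, name, [tactics]) for techniques the group 'uses', current objects only."""
    group = find_group(objects, group_name)
    if group is None:
        raise KeyError(f"no intrusion-set named {group_name!r}")
    found = []
    for obj in objects.values():
        if obj["type"] != "relationship" or obj.get("relationship_type") != "uses":
            continue
        if obj["source_ref"] != group["id"] or obj.get("revoked"):
            continue
        tech = objects.get(obj["target_ref"])
        if tech is None or tech["type"] != "attack-pattern":
            continue
        # Real bundles keep revoked/deprecated techniques for history; skip them here.
        if tech.get("revoked") or tech.get("x_mitre_deprecated"):
            continue
        tactics = [p["phase_name"] for p in tech.get("kill_chain_phases", [])
                   if p.get("kill_chain_name") == "mitre-attack"]
        found.append((attack_id(tech), tech["name"], tactics))
    return sorted(found)


def tactic_coverage(techniques):
    """Group technique IDs by tactic so the analyst can see where in the lifecycle the actor operates."""
    coverage = defaultdict(list)
    for tid, _name, tactics in techniques:
        for tactic in tactics:
            coverage[tactic].append(tid)
    return dict(coverage)


if __name__ == "__main__":
    objs = load_bundle(ATTACK_BUNDLE)
    for tid, name, tactics in techniques_used_by(objs, "EXAMPLE-1"):
        print(tid, name, ", ".join(tactics))
```

Swapping the constructed bundle for the real one (loaded from the attack-stix-data repository) and the alias for a documented group name gives the same lookup over the full knowledge base; the revoked/deprecated check matters there because ATT&CK retains old objects rather than deleting them.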
smez
2 years, 1 month ago
Selected Answer: B
The Cyber Kill Chain addresses the cyber attack process from a high level with its seven phases. The MITRE ATT&CK contains a deeper scope of knowledge that includes granular details about cyberattacks, such as attack 'techniques' and procedures, and links to industry advisories.
upvoted 2 times
madmax1984
2 years, 3 months ago
Selected Answer: B
B is correct.
upvoted 2 times
sauna28
2 years, 4 months ago
Selected Answer: B
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
upvoted 1 times
sauna28
2 years, 4 months ago
The Diamond Model of Intrusion Analysis is a model to describe cyber attacks. It contains 4 parts - adversary, infrastructure, capability, and target. It gives analysts a comprehensive view of cyber attacks.
  • Adversary: Where are attackers from? Who are the attackers? Who is the sponsor? Why attack? What is the activity timeline and planning?
  • Infrastructure: Infected computer(s), C2 domain names, location of C2 servers, C2 server types, mechanism and structure of C2, data management & control, and data leakage paths.
  • Capability: What skills do the attackers have to do reconnaissance, deliver their attacks, attack exploits and vulnerabilities, deploy their remote-controlled malware and backdoors, and develop their tools.
  • Target: Who is their target country/region, industry sector, individual, or data.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other
