What two shared sources of information are included within the MITRE ATT&CK framework? (Choose two.)
- collection of digital evidence from most volatile evidence to least volatile
- attacker tactics, techniques, and procedures
- details about the handling of evidence including times, places, and personnel involved
- eyewitness evidence from someone who directly observed criminal behavior
- mapping the steps in an attack to a matrix of generalized tactics
Explanation: The MITRE ATT&CK framework uses stored information on attacker tactics, techniques, and procedures (TTPs) as part of threat defense and attack attribution. This is done by mapping the steps in an attack to a matrix of generalized tactics and describing the techniques that are used in each tactic. These sources of information create models that help attribute a threat.
Exam with this question: Checkpoint Exam: Analyzing Security Data Group Exam