Use the following scenario to answer the questions. A company has just had a cybersecurity incident. The threat actor or actors appeared to have a goal of network disruption and appeared to use a common security hack tool that overwhelmed a particular server with a large amount of traffic, which rendered the server inoperable.
What would be the threat attribution in this case?
- evaluating the server alert data
- obtaining the most volatile evidence
- determining who is responsible for the attack
- reporting the incident to the proper authorities
Explanation: Threat attribution refers to determining the individual, organization, or nation responsible for a successful intrusion or attack incident. The security investigation team correlates all the evidence in order to identify commonalities between tactics, techniques, and procedures (TPPs) for known and unknown threat actors.
Exam with this question: CCNA Cyber Ops Chapter 12 Exam Answers
Please login or Register to submit your answer