Which task describes threat attribution?
- reporting the incident to the proper authorities
- determining who is responsible for the attack
- obtaining the most volatile evidence
- evaluating the server alert data
Explanation: Threat attribution refers to determining the individual, organization, or nation responsible for a successful intrusion or attack incident. The security investigation team correlates all the evidence in order to identify commonalities between tactics, techniques, and procedures (TPPs) for known and unknown threat actors.
Exam with this question: CyberOps Associate (Version 1.0) - Module 28: Digital Forensics and Incident Analysis and Response Answers
Exam with this question: Checkpoint Exam: Incident Response Answers
Please login or Register to submit your answer