ATT&CK
Link: https://www.trellix.com/en-us/security-awareness/cybersecurity/what-is-mitre-attack-framework.html
-
Your company relies heavily on public cloud services such as Azure AD and Office 365. Which technique should you focus on mitigating to prevent an attacker who has obtained valid credentials from performing Discovery activities? (Hint: not using an API to interact with the cloud environment!) (2 points)
Source: https://attack.mitre.org/techniques/T1538/
Answer:
T1538
-
You were analyzing a log and found an uncommon data flow on port 4050. Which APT group might this be? (2 points)
Source: https://attack.mitre.org/groups/G0099/
Answer:
G0099
-
The framework lists 9 techniques that fall under the tactic an adversary uses to try to get into your network. What is the tactic ID? (2 points)
Source: https://attack.mitre.org/
Answer:
TA0001
-
A piece of software prevents users from accessing their accounts by deleting or locking the user account, changing the password, etc. Which such software has been documented by the framework? (2 points)
Source: https://attack.mitre.org/techniques/T1531/
Answer:
S0372
-
Using the ‘Pass the Hash’ technique to access and control remote systems on a network is common. How would you detect it in your company? (2 points)
Source: https://attack.mitre.org/techniques/T1550/002/
Answer:
Monitor newly created logons and the credentials used in logon events, and review them for discrepancies.