ATT&CK

Your company heavily relies on cloud services like AWS, Azure, Azure AD, GCP, Office 365 publicly. What technique should you focus on mitigating? (2 points)

# https://attack.mitre.org/matrices/enterprise/cloud/
# https://attack.mitre.org/techniques/T1538/
T1538

You were analyzing a log and found uncommon data flow on port 4050. What APT group might this be? (2 points)

# google 'log and found uncommon data flow on port 4050 APT group'
# https://attack.mitre.org/techniques/T1571/
G0099

The framework has a list of 9 techniques that falls under the tactic to try to get into your network. What is the tactic ID? (2 points)

# google '9 techniques that falls under the tactic to try to get into your network tatic id'
# https://attack.mitre.org/tactics/TA0001/
TA0001

A software prohibits users from accessing their account by deleting, locking the user account, changing password etc. What such software has been documented by the framework? (2 points)

# google 'software prohibits users from accessing their account by deleting, locking the user account, changing password software id'
# https://attack.mitre.org/techniques/T1531/
S0372

Using ‘Pass the Hash’ technique to enter and control remote systems on a network is common. How would you detect it in your company? (2 points)

# google 'Using ‘Pass the Hash’ technique to enter and control remote systems on a network is common detect'
# https://attack.mitre.org/techniques/T1550/002/
Audit all logon and credential use events and review for discrepancies.

PreviousSuspicious USB Stick NextMalicious PowerShell Analysis

Last updated 4 years ago