The twelve ATT&CK tactic categories were derived from which portion of the Cyber Kill Chain?

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

The twelve ATT&CK tactic categories were derived from which portion of the Cyber Kill Chain?

Explanation:
The twelve ATT&CK tactic categories capture what attackers do after they have a foothold in a system, focusing on how they control, maintain, and execute their objectives within the target environment. This aligns with the later phases of the Seven-Stage Cyber Attack Lifecycle: control (establishing and managing command and control), maintain (persistence, privilege escalation, evading defenses), and execute (carrying out actions to achieve goals). Early, pre-access activities like Reconnaissance and Weaponization are outside the scope of these post-compromise tactics, which is why the later stages are the best fit for how ATT&CK categorizes attacker behavior.
