What best describes Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)?

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

What best describes Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)?

Explanation:
ATT&CK is a knowledge base and framework that catalogs adversary behavior in enterprise environments. It explicitly describes tactics (high-level goals) and techniques (the concrete methods) that attackers may use across the full attack lifecycle, from initial access to impact. This helps security teams model what attackers do, map detections and defenses to those actions, and assess coverage through threat hunting and incident response. It’s not a set of detector signatures, nor a method for creating hardware backdoors, nor a taxonomy of network protocols for social engineering. Those options describe specific artifacts or techniques in narrow domains, whereas ATT&CK provides a broad, structured description of adversary actions and how they progress inside a network.

