The twelve ATT&CK tactic categories were derived from which portion of the Cyber Kill Chain?

Prepare for the SANS Advanced Incident Response exam. Boost your skills with flashcards and multiple-choice questions, featuring hints and explanations. Ace your exam faster!

Multiple Choice

The twelve ATT&CK tactic categories were derived from which portion of the Cyber Kill Chain?

Explanation:
The twelve ATT&CK tactic categories capture what attackers do after they have a foothold in a system, focusing on how they control, maintain, and execute their objectives within the target environment. This aligns with the later phases of the Seven-Stage Cyber Attack Lifecycle: control (establishing and managing command and control), maintain (persistence, privilege escalation, evading defenses), and execute (carrying out actions to achieve goals). Early, pre-access activities like Reconnaissance and Weaponization are outside the scope of these post-compromise tactics, which is why the later stages are the best fit for how ATT&CK categorizes attacker behavior.
