What two shared sources of information are included within the MITRE ATT&CK framework? (Choose two.)
- details about the handling of evidence including times, places, and personnel involved
- eyewitness evidence from someone who directly observed criminal behavior
- attacker tactics, techniques, and procedures
- collection of digital evidence from most volatile evidence to least volatile
- mapping the steps in an attack to a matrix of generalized tactics
| Answers Explanation & Hints:
The MITRE Framework uses stored information on attacker tactics, techniques, and procedures (TTP) as part of threat defense and attack attribution. This is done by mapping the steps in an attack to a matrix of generalized tactics and describing the techniques that are used in each tactic. These sources of information create models that assist in the ability to attribute a threat. |