An organization suspects that a threat group used advanced methods to compromise multiple hosts. The security team found multiple malicious techniques that allowed the attackers to escalate privileges and pivot across the environment. Which action best helps the team determine how the attackers entered and moved laterally using a recognized structure?
Use advanced scanning tools to isolate network segments suspected of suspicious outbound traffic
Review general compliance guidelines to see whether certain security policies have been broken
Map each malicious step to the MITRE ATT&CK framework to categorize adversary behavior and identify techniques across the intrusion lifecycle
Conduct frequent vulnerability scans on the environment to uncover newly discovered threats
The MITRE ATT&CK framework categorizes infiltration steps, allowing security teams to map malicious behavior to precise phases and techniques. This approach offers clarity on how attackers entered, moved through the environment, and which defenses can be improved. The other options address security controls or basic monitoring but do not provide a structured methodology for analyzing each malicious step in relation to a known set of references.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the MITRE ATT&CK framework?
Open an interactive chat with Bash
How does mapping to the MITRE ATT&CK framework help in identifying lateral movement?
Open an interactive chat with Bash
What is the difference between vulnerability scans and the MITRE ATT&CK framework?