
Which of the following best matches the description of Intelligence_Summary.md?

Wrong - Contains all the Emulation Plans content. Both Emulation Plans and
Operator Scripts are found in this directory. (Ops flow image also)
B. A summary of the intelligence with Attack Layers and corresponding referenced
reporting.

What is the prerequisite for running the procedure in the images above?

Correct - adfind.exe

FIN6 is known to gain initial access to target organizations by using all of the
following except:

Correct - Drive-by compromise

Which of the following best describes the term "Intelligence Summary"?

Wrong - A step is a specific MITRE ATT&CK Technique defined down to the exact
command. Every step is ordered based on observations during the threat
intel-gathering phase

C. A high-level diagram of attacker behavior, the phase order in which they
occur, and the Tactics observed.

Which of the following threat groups were part of the first ATT&CK evaluations
(Choose 2)?

Wrong - FIN6

APT29

APT3

The human-readable version of the emulation plans is provided as
___________________________.

Wrong - pdf files


B. markdown files

FIN6 has never been seen to use ransomware in their campaigns.

Correct - False

Threat Informed Defense is the systematic application of a deep understanding of
________________ to prevent, detect, and/or respond to cyber attacks.

Wrong - MITRE ATT&CK


C. Adversary tradecraft and technology

The machine-readable version of the emulation plans is provided as
___________________________.

Correct - yaml files

Emulation plans are a new concept

Correct - False

This study source was downloaded by 100000824629077 from CourseHero.com on 08-12-2021 14:41:38 GMT -05:00

https://www.coursehero.com/file/93612113/Intro-to-FIN6-Emulation-Plans/

What are the three emulation plan sections that were defined initially as part
of the APT29 emulation plan (Choose all 3)?

A. Operations Flow
B. Emulation Plan

D. Operator Script

Emulation plans have 3 high-level pieces of information. Which of the following
is NOT one of those pieces of information?

Wrong - What the attacker does when their objectives are met
C. How the attack plays out over time

In order to run most of the emulations in the plan, it is necessary to have a
red team.

Correct - False

Emulation plans are published under which license?

Wrong - GNU GPLv3

A. Apache 2.0

FIN6 has been active since at least 2015

Correct - True
MITRE Cyber Analytics Repository (CAR) is used to publish emulation plans.

Correct - False