Wrong - Contains all the Emulation Plans content. Both Emulation Plans and
Operator Scripts are found in this directory (Ops Flow image also).
B. A summary of the intelligence with Attack Layers and corresponding referenced
reporting.
What is the prerequisite for running the procedure in the images above?
Correct - adfind.exe
FIN6 is known to gain initial access to target organizations by using all of the
following except:
Wrong - A step is a specific MITRE ATT&CK Technique defined down to the exact
command. Every step is ordered based on observations during the threat
intel-gathering phase
C. A high-level diagram of attacker behavior, the phase order in which they
occur, and the Tactics observed.
Which of the following threat groups were part of the first ATT&CK evaluations
(Choose 2)?
Wrong - FIN6
APT29
APT3
Correct - False
Correct - False
This study source was downloaded by 100000824629077 from CourseHero.com on 08-12-2021 14:41:38 GMT -05:00
https://www.coursehero.com/file/93612113/Intro-to-FIN6-Emulation-Plans/
What are the three emulation plan sections that were defined initially as part
of the APT29 emulation plan (Choose all 3)?
A. Operations Flow
B. Emulation Plan
D. Operator Script
Wrong - What the attacker does when their objectives are met
C. How the attack plays out over time
Correct - False
A. Apache 2.0
FIN6 has been active since at least 2015
Correct - True
MITRE Cyber Analytics Repository (CAR) is used to publish emulation plans.
Correct - False