CrowdStrike Certified Falcon Responder (CCFR) — Question 14

What information does the MITRE ATT&CK Framework provide?

Answer options

• A. It provides best practices for different cybersecurity domains, such as Identify and Access Management
• B. It provides a step-by-step cyber incident response strategy
• C. It provides the phases of an adversary's lifecycle, the platforms they are known to attack, and the specific methods they use
• D. It is a system that attributes attack techniques to a specific threat actor

Correct answer: C

Explanation

The correct answer, C, accurately describes the MITRE ATT&CK Framework's focus on adversary behavior, including their lifecycle stages and techniques. Options A and B refer to broader cybersecurity practices and incident response strategies, which are not the main focus of the framework. Option D is incorrect because while the framework can help attribute techniques, its primary purpose is not solely about linking them to specific threat actors.