FCSS – SOC Analyst 7.4 — Question 11
Which statement best describes the MITRE ATT&CK framework?
Answer options
- A. It describes attack vectors targeting network devices and servers, but not user endpoints.
- B. It provides a high-level description of common adversary activities, but lacks technical details.
- C. It covers tactics, techniques, and procedures, but does not provide information about mitigations.
- D. It contains some techniques or subtechniques that fall under more than one tactic.
Correct answer: D
Explanation
Option D is correct because the MITRE ATT&CK framework includes techniques and subtechniques that apply to more than one tactic, reflecting how attack methods overlap across tactics. Option A is incorrect because the framework also covers user endpoints. Option B is incorrect because the framework provides technical details alongside its high-level descriptions. Option C is incorrect because the framework does include information on mitigations.