During an internal security assessment, investigators discovered multiple persistence attempts across several endpoints, indicating a sophisticated intrusion. Which resource helps align these methods with recognized threat patterns for improved detection and response?
A matrix that categorizes attacker behaviors across numerous vectors
A catalog specifying retention intervals for archived records
A reference of verified secure coding practices
A device check document covering common misconfigurations
The matrix enumerates tactics, techniques, and procedures (TTPs), linking the discovered methods to known attacker behaviors. This approach reveals how actions were carried out and guides the investigation toward proper countermeasures. A guideline for coding does not classify attacker behaviors. A compliance resource for logging retention aims at legal and policy requirements rather than intrusion methods. A checklist for device settings focuses on misconfiguration issues without mapping to recognized tactics.