Which model is a phased cyberattack framework used to identify defender's opportunities to disrupt an attack?

Multiple Choice

Which model is a phased cyberattack framework used to identify defender's opportunities to disrupt an attack?

Explanation:
The idea being tested is a defensive framework that views an attacker’s activity as a sequence of stages and highlights where defenders can intervene to break the chain. The Lockheed Martin Kill Chain model maps out a typical attack progression—from initial reconnaissance through weaponization, delivery, exploitation, installation, command and control, and finally actions on objectives. By laying out these phases, it shows concrete points where security controls and monitoring can disrupt the attacker’s progress before they reach their goal. For example, you can stop reconnaissance with strong access controls and network visibility, block delivery and exploitation with email and patching strategies, and prevent successful command-and-control or lateral movement with network segmentation and endpoint defenses. This phase-based view is specifically about identifying those defender opportunities to disrupt the attack as it unfolds, not just after it’s occurred.

In contrast, Metasploit Framework is a toolkit used to develop and execute exploits; it’s a weaponized testing platform rather than a defensive model. The NIST Incident Response Life Cycle describes how to respond to and recover from incidents, focusing on handling after detection rather than guiding disruption of an ongoing attack. MITRE ATT&CK is a comprehensive knowledge base of attacker techniques mapped to tactics; it’s invaluable for understanding adversary behavior and planning defenses, but it isn’t a single phased disruption framework in the same way as a kill chain.
