210-255 · Question #141
Which option is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?
The correct answer is C. threat actor attribution. Threat actor attribution is the process of reconstructing an attack and analyzing evidence to identify the responsible party. It combines forensic analysis and network remediation to trace the origin of an incident.
Question
Which option is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?
Options
- Adata analytics
- Basset attribution
- Cthreat actor attribution
- Devidence collection
How the community answered
(27 responses)- A4% (1)
- B4% (1)
- C93% (25)
Why each option
Threat actor attribution is the process of reconstructing an attack and analyzing evidence to identify the responsible party. It combines forensic analysis and network remediation to trace the origin of an incident.
Data analytics is a broad discipline for processing and interpreting data sets, not a defined process for reconstructing attacks and identifying threat actors.
Asset attribution refers to identifying ownership or responsibility for a given IT asset, not tracing the source of an attack.
Threat actor attribution specifically involves remediating affected systems while simultaneously reconstructing the timeline and methods of an attack to identify who is responsible. This process leverages forensic evidence, indicators of compromise, and attack patterns to attribute the activity to a specific threat actor or group. It goes beyond simply collecting data by actively linking artifacts back to a responsible entity.
Evidence collection is the act of gathering forensic artifacts and logs, which is a precursor step to attribution rather than the attribution process itself.
Concept tested: Threat actor attribution in incident response
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.