nerdexam
Cisco

210-255 · Question #141

Which option is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?

The correct answer is C. threat actor attribution. Threat actor attribution is the process of reconstructing an attack and analyzing evidence to identify the responsible party. It combines forensic analysis and network remediation to trace the origin of an incident.

Security Policies and Procedures

Question

Which option is the process of remediating the network and systems and/or reconstructing the attack so that the responsible threat actor can be revealed?

Options

  • Adata analytics
  • Basset attribution
  • Cthreat actor attribution
  • Devidence collection

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    93% (25)

Why each option

Threat actor attribution is the process of reconstructing an attack and analyzing evidence to identify the responsible party. It combines forensic analysis and network remediation to trace the origin of an incident.

Adata analytics

Data analytics is a broad discipline for processing and interpreting data sets, not a defined process for reconstructing attacks and identifying threat actors.

Basset attribution

Asset attribution refers to identifying ownership or responsibility for a given IT asset, not tracing the source of an attack.

Cthreat actor attributionCorrect

Threat actor attribution specifically involves remediating affected systems while simultaneously reconstructing the timeline and methods of an attack to identify who is responsible. This process leverages forensic evidence, indicators of compromise, and attack patterns to attribute the activity to a specific threat actor or group. It goes beyond simply collecting data by actively linking artifacts back to a responsible entity.

Devidence collection

Evidence collection is the act of gathering forensic artifacts and logs, which is a precursor step to attribution rather than the attribution process itself.

Concept tested: Threat actor attribution in incident response

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

Topics

#threat actor attribution#incident response#attack reconstruction#network remediation

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice