What happens during reconnaissance?
A. Installing malware
B. Gathering information
C. Executing payload
D. Exfiltration
Answer: B
Explanation:
Reconnaissance is the first stage where the attacker gathers information about the target. This may include OSINT, scanning, and identifying vulnerabilities to prepare for the attack.
What is the purpose of Command & Control?
A. Encrypt data
B. Communicate with attacker
C. Delete logs
D. Install malware
Answer: B
Explanation:
Command and Control (C2) is the channel through which the attacker communicates with the compromised system once the implant is installed. It lets the attacker issue commands, control the host, and maintain access. C2 traffic is commonly tunnelled over ordinary protocols such as HTTP(S) or DNS so that it blends in with normal outbound traffic.
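The explanation above says C2 over DNS hides in normal traffic; the following is an added example (not part of the original quiz) of how a defender can still spot it from query logs. It combines two signals: regular "beacon" timing between queries to the same registered domain, and high-entropy leftmost labels, which is what encoded data in a DNS tunnel looks like. The log lines, hostnames and thresholds are constructed for illustration, and the registered-domain logic simply takes the last two labels (a simplification that ignores the public suffix list).

```python
import math
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed DNS query log: "timestamp host queried_name". Not a real capture.
# ws02 queries a different 12-hex-character label under tunnel.example.org
# every 60 seconds, which is the pattern of a DNS tunnelling C2 channel.
# ws03 queries ntp.example.net every 60 seconds, a benign but regular pattern.
SAMPLE_DNS_LOG = """\
2024-03-01T10:00:00 ws01 www.example.com
2024-03-01T10:00:03 ws01 cdn.example.net
2024-03-01T10:00:05 ws01 mail.example.com
2024-03-01T10:00:30 ws02 www.example.com
2024-03-01T10:01:00 ws02 a3f9c1e7b2d4.tunnel.example.org
2024-03-01T10:02:00 ws02 9e2b7f4a1c8d.tunnel.example.org
2024-03-01T10:03:00 ws02 c4d1e8b3a7f2.tunnel.example.org
2024-03-01T10:04:00 ws02 5b8e2a9f0d3c.tunnel.example.org
2024-03-01T10:05:00 ws02 e7a4c0b6d2f9.tunnel.example.org
2024-03-01T10:06:00 ws02 1f6d3b8a4e7c.tunnel.example.org
2024-03-01T10:00:00 ws03 ntp.example.net
2024-03-01T10:01:00 ws03 ntp.example.net
2024-03-01T10:02:00 ws03 ntp.example.net
2024-03-01T10:03:00 ws03 ntp.example.net
2024-03-01T10:04:00 ws03 ntp.example.net
"""


def parse_dns_log(text):
    """Parse the constructed log format into (timestamp, host, qname) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, qname = line.split()
        records.append((datetime.fromisoformat(ts), host, qname.lower().rstrip(".")))
    return records


def registered_domain(qname):
    """Assumption: last two labels are the registered domain (no public suffix list)."""
    labels = qname.split(".")
    return ".".join(labels[-2:])


def leftmost_label(qname):
    """The label an attacker would stuff data into; empty if the name has no subdomain."""
    labels = qname.split(".")
    return labels[0] if len(labels) > 2 else ""


def shannon_entropy(s):
    """Bits of entropy per character; encoded data scores much higher than words."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def interval_cv(timestamps):
    """Coefficient of variation of inter-query gaps; near 0 means machine-regular beaconing."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return float("inf")
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else float("inf")


def find_c2_candidates(text, min_queries=5, entropy_threshold=3.0, max_interval_cv=0.2):
    """Flag (host, domain) pairs that beacon regularly with high-entropy labels."""
    groups = defaultdict(list)
    for ts, host, qname in parse_dns_log(text):
        groups[(host, registered_domain(qname))].append((ts, qname))

    candidates = []
    for (host, domain), items in groups.items():
        if len(items) < min_queries:
            continue
        mean_entropy = statistics.mean(shannon_entropy(leftmost_label(q)) for _, q in items)
        cv = interval_cv([ts for ts, _ in items])
        if mean_entropy >= entropy_threshold and cv <= max_interval_cv:
            candidates.append({
                "host": host,
                "domain": domain,
                "queries": len(items),
                "mean_label_entropy": round(mean_entropy, 2),
                "interval_cv": round(cv, 3),
            })
    return candidates


if __name__ == "__main__":
    for c in find_c2_candidates(SAMPLE_DNS_LOG):
        print(c)
```

Only ws02/example.org is reported: ws03 beacons just as regularly but its label "ntp" has low entropy, and ws01's queries are too few and irregular. In practice both thresholds need tuning against the environment's baseline, since CDNs and telemetry services also produce long, random-looking labels.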
First kill chain stage?
A. Delivery
B. Reconnaissance
C. Exploitation
D. Installation
Answer: B
Explanation:
Reconnaissance is the first stage where attackers gather information about the target. This includes OSINT, scanning, and identifying vulnerabilities. It helps attackers plan their attack strategy effectively.
Weaponization involves:
A. Logs
B. Payload creation
C. Detection
D. Backup
Answer: B
Explanation:
Weaponization is the stage where attackers combine malware and an exploit into a payload. This payload is designed to exploit a vulnerability on the target system when delivered.
Delivery example?
A. Encryption
B. Phishing email
C. Logging
D. Backup
Answer: B
Explanation:
Delivery is how the payload reaches the victim. Common methods include phishing emails, malicious websites, and infected USB devices. This stage is critical for initiating the attack.
Exploitation involves:
A. Data theft
B. Using vulnerability
C. Recovery
D. Logs
Answer: B
Explanation:
Exploitation occurs when the attacker successfully uses a vulnerability to gain access to the system. This may involve executing malicious code or triggering a software flaw.
Final stage?
A. Detection
B. Exfiltration
C. Installation
D. Parsing
Answer: B
Explanation:
The final stage of the Cyber Kill Chain is Actions on Objectives: the attacker carries out the real goal of the intrusion, which is most often data exfiltration. Work done in this phase can also include escalating privileges and moving laterally to reach the systems that hold the data of interest.
What is lateral movement?
A. Data encryption
B. Moving within network after access
C. Logging activity
D. Backup
Answer: B
Explanation:
Lateral movement occurs after initial compromise, when attackers pivot from the first foothold to other systems, typically with stolen credentials or remote services, to find valuable data or reach high-value hosts. It is a key phase of advanced intrusions and is often hard to tell apart from legitimate administrative activity.
What happens in installation?
A. Detection
B. Backdoor creation
C. Logging
D. Encryption
Answer: B
Explanation:
In this stage, attackers establish persistence by installing backdoors, web shells, or modifying services. This ensures continued access even after reboots.
What is MITRE ATT&CK?
A. Firewall
B. Threat framework of TTPs
C. SIEM
D. Antivirus
Answer: B
Explanation:
MITRE ATT&CK is a framework that categorises attacker behaviours using tactics, techniques, and procedures (TTPs). It helps organisations understand and detect attack patterns.
What does TTP stand for?
A. Tools, Targets, Protocols
B. Tactics, Techniques, Procedures
C. Threat, Tools, Processes
D. Tactics, Targets, Payloads
Answer: B
Explanation:
Tactics describe what the attacker is trying to achieve (for example, persistence), techniques describe how that goal is achieved, and procedures are the specific implementations of a technique observed in real intrusions.
What is threat hunting?
A. Blocking traffic
B. Proactively searching for threats
C. Logging data
D. Encryption
Answer: B
Explanation:
Threat hunting is a proactive approach where analysts actively search for hidden threats that automated tools may miss. It goes beyond alerts and assumes attackers may already be present.
Structured hunting is based on:
A. Random search
B. Known attack patterns
C. Logs only
D. Encryption
Answer: B
Explanation:
Structured hunting starts from a hypothesis about a known attacker behaviour, such as a MITRE ATT&CK technique, and uses it to guide the investigation. It is systematic and based on prior knowledge of how attackers operate.
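The following is an added example (not from the original quiz) of what a structured hunt looks like in code: each hypothesis is a rule tied to the ATT&CK technique it tests for, and the rules are run over process-creation events. The technique IDs are real ATT&CK identifiers, but the matching logic is this example's own simplification rather than MITRE's or any vendor's detection content. Two of the rules (scheduled task creation and Run-key persistence) correspond to the installation and persistence behaviours described earlier, so the same block serves that passage. The events are constructed for illustration; the encoded PowerShell command is the UTF-16LE base64 encoding of "whoami".

```python
import base64
import re

# Constructed process-creation events (hypothetical hosts, not a real EDR export).
SAMPLE_EVENTS = [
    {"host": "ws01", "parent": "winword.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -EncodedCommand dwBoAG8AYQBtAGkA"},
    {"host": "ws01", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r"schtasks.exe /Create /SC MINUTE /MO 5 /TN Updater /TR C:\Users\Public\up.exe /F"},
    {"host": "ws02", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\Public\up.exe /f"},
    {"host": "ws03", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"},
    {"host": "ws03", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks.exe /Query /TN Updater"},
]

# Hunt hypotheses: "if technique X is in use, we expect to see this process + command line".
HUNT_RULES = [
    {
        "technique": "T1059.001",
        "name": "PowerShell launched with an encoded command",
        "image": re.compile(r"(?:^|\\)(?:powershell|pwsh)\.exe$", re.I),
        # -e, -ec, -enc and -EncodedCommand all accept a base64 blob.
        "cmdline": re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I),
    },
    {
        "technique": "T1053.005",
        "name": "Scheduled task created from the command line",
        "image": re.compile(r"(?:^|\\)schtasks\.exe$", re.I),
        "cmdline": re.compile(r"/create\b", re.I),
    },
    {
        "technique": "T1547.001",
        "name": "Run / RunOnce key written via reg.exe",
        "image": re.compile(r"(?:^|\\)reg\.exe$", re.I),
        "cmdline": re.compile(r"\badd\b.*\\CurrentVersion\\Run(?:Once)?\b", re.I),
    },
]


def decode_powershell(b64):
    """Decode a -EncodedCommand argument (base64 of UTF-16LE); None if it is not one."""
    try:
        return base64.b64decode(b64).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt(events, rules=HUNT_RULES):
    """Run every hypothesis over every event and return the matches with context."""
    findings = []
    for ev in events:
        for rule in rules:
            if not rule["image"].search(ev["image"]):
                continue
            m = rule["cmdline"].search(ev["cmdline"])
            if not m:
                continue
            finding = {
                "host": ev["host"],
                "parent": ev["parent"],
                "technique": rule["technique"],
                "rule": rule["name"],
                "cmdline": ev["cmdline"],
            }
            if rule["technique"] == "T1059.001":
                # Surface the decoded payload so the analyst does not have to do it by hand.
                finding["decoded"] = decode_powershell(m.group(1))
            findings.append(finding)
    return findings


def techniques_by_host(findings):
    """Group matched technique IDs per host to see which machines show a chain of behaviours."""
    summary = {}
    for f in findings:
        summary.setdefault(f["host"], set()).add(f["technique"])
    return summary


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["host"], f["technique"], f["rule"], f.get("decoded", ""))
    print(techniques_by_host(hunt(SAMPLE_EVENTS)))
```

The benign events on ws03 (a signed script run with -ExecutionPolicy Bypass and a schtasks /Query) do not match, while ws01 shows two techniques in sequence, which is the kind of chain a structured hunt is designed to surface. Real hunts add parent-process context (here winword.exe spawning PowerShell is itself a strong signal) and tune the rules against known-good administrative activity.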
Unstructured hunting is:
A. Based on intelligence
B. Random or hypothesis-free
C. Based on logs only
D. Detection only
Answer: B
Explanation:
Unstructured hunting is exploratory and does not follow predefined patterns. Analysts search for anomalies without specific indicators, making it more flexible but less focused.
Situational hunting is based on:
A. Random
B. Specific triggers or alerts
C. Encryption
D. Logs only
Answer: B
Explanation:
Situational hunting is triggered by specific events, such as new vulnerabilities or alerts. Analysts investigate based on current threats or incidents.