Linux · Expert
MITRE ATT&CK SOC Analyst Quiz
Section 2: Linux — Expert (Questions 21–40)
For every question, you must type in the correct MITRE ATT&CK tactic and technique yourself — there are no multiple-choice options for these fields. Use the ATT&CK Navigator to look them up.
How to Answer Each Question
For each scenario, answer 5 components:
- Strategic objective — Campaign goal, not just the immediate action.
- MITRE ATT&CK Tactic — Type the primary tactic. No multiple-choice — use the ATT&CK framework.
- Technique / Sub-technique — Type the technique ID and name. No multiple-choice — look it up in the framework.
- Key evidence — Artifacts that support your mapping.
- Next likely step — Attacker’s next move or blue-team response.
At this tier, incorrect confident mappings are penalized; “uncertain but reasoning toward X” is scored more favorably than a wrong definitive answer.
Scoring
| Component | Points |
|---|---|
| Strategic Objective | 1 point |
| Correct Tactic | 2 points |
| Correct Technique + ID | 3 points |
| Evidence Analysis | 2 points |
| Next Likely Step | 2 points |
Maximum: 200 points (10 per question × 20 questions)
Linux · Expert
MITRE ATT&CK SOC Quiz
Question 1 of 20
Score: 0/200