macOS
MITRE ATT&CK SOC Analyst Quiz
Section 3: macOS (Questions 41-60)
Analyze real-world macOS attack scenarios using ESF logs, LaunchAgent plists, TCC database entries, and endpoint telemetry. Map each attack to the MITRE ATT&CK framework.
How to Answer Each Question
For each scenario, you'll answer 5 components:
- Attacker Objective — What is the attacker trying to achieve?
- MITRE ATT&CK Tactic — Which tactic does this map to?
- Technique / Sub-technique — Which technique applies? (Includes the ID)
- Key Evidence — What specific evidence supports your mapping?
- Next Likely Step — What will the attacker do next?
Scoring
| Component | Points |
|---|---|
| Attacker Objective | 1 point |
| Correct Tactic | 2 points |
| Correct Technique + ID | 3 points |
| Evidence Analysis | 2 points |
| Next Likely Step | 2 points |
Maximum: 200 points (10 per question x 20 questions)
macOS
MITRE ATT&CK SOC Quiz
Question 1 of 20
Score: 0/200