macOS · Intermediate
MITRE ATT&CK SOC Analyst Quiz
Section 3: macOS — Intermediate (Questions 1–20)
Every other question asks you to type in the correct MITRE ATT&CK tactic and technique yourself — use the ATT&CK Navigator to find them. The remaining questions give you multiple-choice options, but watch out for decoys mixed in.
How to Answer Each Question
For each scenario, answer 5 components:
- Attacker Objective — What is the attacker trying to achieve?
- MITRE ATT&CK Tactic — Which tactic(s)? (On alternating questions you’ll type your answer instead of choosing from options.)
- Technique / Sub-technique — Which technique(s) apply? (As with the tactic, questions alternate between multiple-choice and free-text.)
- Key Evidence — What specific evidence supports your mapping?
- Next Likely Step — What will the attacker do next?
Scoring
| Component | Points |
|---|---|
| Attacker Objective | 1 point |
| Correct Tactic | 2 points |
| Correct Technique + ID | 3 points |
| Evidence Analysis | 2 points |
| Next Likely Step | 2 points |
Maximum: 200 points (10 per question × 20 questions)