This is an organization that offers an attack framework that provides detailed descriptions of various attacker TTPs, as well as how to defend against said TTPs

This can be accomplished by adding a user to an existing Group (e.g. Accounting) with particular GPOs set up to limit the user's access to distinct files/folders relating to their job. 

This term describes means by which an attacker can gain access to targets.

Involving this entity in your incident response should be carefully considered. It's involvement more than likely will involve criminal proceedings and public disclosure. 

This is a multi-cloud platform tool that helps detect vulnerabilities in cloud environments. 

This port supports windows file sharing with pre-windows 2000 version hosts. Known as NetBIOS-ssn.

Reverse Jeopardy!!!! Write the command that would change Group access to allow them to read and write to Lordofyeets_folder, assuming you are making the changes as the user shown below./

This describes a Vulnerability Scanner not reporting on a vulnerability that was confirmed to be on a system or network.  

This is a machine that allows Administrators to remotely access different network segments to perform system maintenance. This system is typically very hardened. 

This action is taken by altering DNS records to reroute malicious C2 traffic to a address that is different than the malicious address. 

This action takes place during the Eradication and Recovery phase of Incident Response. These are procedures that are used in the disposal of obsolete information and equipment including storage devices, devices with internal data storage capabilities, and paper records. 

A technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon.

This is a set of tools that help with wireless network security testing, includes tools that captures wireless frames, injects wireless frames, and extracts wireless authentication keys. 

(Reverse Jeopardy!!!) The below image is an example of?

This is the act of using scripting/programming that allows administrators to very quickly set up and tear down server instances in the cloud, as well as facilitate security automation. 

This occurs when the UEFI of a system sends a report to a separate management server, confirming a secure, step by step boot process has been completed.

This Provides email authentication by allowing mail servers to digitally sign legitimate outbound email messages and is a mitigation against phishing/spam. 

This is internal traffic between two or more systems that is a tell-tale sign of an attacker trying to pivot through the network. 

A concept that describes how depending on where you are geographically, the laws may be different and therefore data must be treated differently. 

A command line tool that is a Link Local Multicast Name Resolution (LLMNR), NBT-NS, and MDNS poisoner. It allows the attacker to retrieve user hashes and OS info, making this an efficient tool for harvesting credentials and reconnaissance. 

Below is something you would see while using this tool: