Tim is working as an analyst in an ABC organization. His organization has been facing many challenges in converting raw threat intelligence data into meaningful contextual information. After inspection, he found that this was due to noise caused by the misrepresentation of data from huge data collections. Hence, it is important to clean the data before performing data analysis, using techniques such as data reduction. He needs to choose an appropriate threat intelligence framework that automatically performs data collection, filtering, and analysis for his organization.
Which of the following threat intelligence frameworks should he choose to perform such a task?
A threat analyst wants to incorporate a requirement in the threat knowledge repository that provides an ability to modify or delete past or irrelevant threat data.
Which of the following requirements must he include in the threat knowledge repository to fulfil his needs?
A company, TechSoft Solutions, implemented a threat intelligence program and began developing operational capabilities obtained in the previous levels and created an organized team approach for strategic analysis. The company also established necessary intelligence processes and workflows to extract their own threat intelligence.
Identify the threat intelligence maturity level at which the company stands.
Kira works as a security analyst in an organization. She was asked to define and set up the requirements before collecting threat intelligence information. The requirements should focus on what must be collected in order to fulfil production intelligence.
Which of the following categories of threat intelligence requirements should Kira focus on?
To extract useful intelligence from the gathered bulk data and to improve the efficiency of the composite bulk data, Sam, a threat analyst, follows a data analysis method where he creates a logical sequence of events based on the assumptions of an adversary’s proposed actions, mechanisms, indicators, and implications. To develop accurate predictions, he further takes into consideration the important factors including bad actors, methods, vulnerabilities, targets, and so on.
Which of the following data analysis methods is used by Sam to extract useful intelligence out of bulk data?
In which of the following levels of the threat hunting maturity model (HMM) does an organization use threat intelligence to search for anomalies in the network, follow the latest threat reports gathered from open and closed sources, and use open-source tools for analysis?
Marie, a threat analyst at an organization named TechSavvy, was asked to perform operational threat intelligence analysis to get contextual information about security events and incidents.
Which of the following sources does Marie need to use to perform operational threat intelligence analysis?
You are the lead cybersecurity analyst at a financial institution. An anomaly is detected in the network, suggesting a potential security threat. To proactively investigate and mitigate the risk, arrange the following steps in the correct sequence as part of the threat hunting process:
a) 5 –> 3 –> 1 –> 4 –> 2
b) 3 –> 2 –> 5 –> 1 –> 4
c) 4 –> 1 –> 3 –> 5 –> 2
d) 4 –> 2 –> 5 –> 1 –> 3
Sean works as a threat intelligence analyst. He is assigned a project for information gathering on a client’s network to find a potential threat. He started analysis and was trying to find out the company’s internal URLs, looking for any information about the different departments and business units. He was unable to find any information.
What should Sean do to get the information he needs?
You are a cybersecurity analyst working at a financial institution. An unusual pattern of financial transactions was detected, suggesting potential fraud or money laundering. What specific type of threat intelligence would you rely on to analyze these financial activities and identify potential risks?
Marry wants to follow an iterative and incremental approach to prioritize requirements in order to protect the important assets of an organization against attacks. She wants to set the requirements in order of priority, where the most important requirement must be met first, for a greater chance of success. She wants to apply prioritization to tasks, scenarios, use cases, tests, and so on.
Which of the following methodologies should Marry use to prioritize the requirements?
A consortium was established in a collaborative effort to strengthen the cybersecurity posture of multiple organizations within an industry sector. The participating entities decided to adopt a threat intelligence exchange architecture in which all threat data is collected, analyzed, and disseminated through a single central hub. What type of threat intelligence exchange architecture was implemented in this scenario?
John, a threat intelligence analyst in Cybertech Company, was asked to obtain information that provides greater insight into the current cyber risks. To gather such information, John needs to find the answers to the following questions:
• Why might the organization be attacked?
• How might the organization be attacked?
• Who might be the intruders?
Identify the type of security testing John is going to perform.
CalSoft is a large-scale organization that wants to establish a certain level of trust before sharing intelligence within the organization. As various departments in the organization share information frequently, they decided to use different trust models for different departments. In addition, the organization acts as a provider of threat intelligence to all connected members and organizations.
Which of the following organizational trust models should be used by CalSoft?
Philip, a professional hacker, is planning to attack an organization. In order to collect information, he covertly collects information from the target person by maintaining a personal or other relationship with the target person.
Which of the following intelligence sources is used by Philip to collect information about the target organization?
An organization, namely, Highlander, Inc., decided to integrate threat intelligence into the incident response process for rapid detection and recovery from various security incidents.
In which of the following phases of the incident response management does the organization utilize operational and tactical threat intelligence to provide context to the alerts generated by various security mechanisms?
James, a senior threat intelligence officer, was tasked with assessing the success and failure of the threat intelligence program established by the organization. As part of the assessment, James reviewed the outcome of the intelligence program, determined if any improvements were required in the program, and identified the past learnings that can be applied to the future program.
Identify the activity performed by James in the above scenario.
Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color signifies that information should be shared only within a particular community?
Enrage Tech Company hired Enrique, a security analyst, to perform threat intelligence analysis. While performing the data collection process, he used a counterintelligence mechanism in which a recursive DNS server is employed to perform interserver DNS communication; when a request is generated from any name server to the recursive DNS server, the recursive DNS server logs the responses that are received. It then replicates the logged data and stores it in a central database. Using these logs, he analyzed the malicious attempts that took place over the DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering techniques has Enrique used for data collection?
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there were multiple logins from different locations in a short time span. Moreover, he also observed certain irregular login patterns from locations where the organization does not have business relations. This suggests that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?
Cybersol Technologies initiated a cyber-threat intelligence program with a team of threat intelligence analysts. During the process, the analysts started converting the raw data into useful information by applying various techniques, such as machine-based techniques and statistical methods.
In which of the following phases of the threat intelligence lifecycle is the threat intelligence team currently working?
Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. He acquired feeds from sources like honeynets, P2P monitoring, infrastructure, and application logs.
Which of the following categories of threat intelligence feed was acquired by Jian?
In which of the following storage architectures is the data stored in a localized system, server, or storage hardware that is capable of storing a limited amount of data in its database and is locally available for data usage?
Alison, an analyst in an XYZ organization, wants to retrieve information about a company’s website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information she needs?
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, the business tactics of the organization, financial information, network infrastructure information, and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?