In system-level analysis for detecting malware installation, which of the following is NOT typically considered a strong indicator of malicious activity when found in Internet Explorer's temporary files?

Standard-sized iframes with normal content

Invisible iframes with dimensions of 0x0 or 100x0

Flash files in conjunction with other suspicious indicators

Files with MAC times aligning closely to known Stage 5 indicators

Based on the PUTTER PANDA case study, which of the following techniques was NOT used in attributing the threat actor to a specific Chinese military unit?

Interception of encrypted communications

Analysis of domain registration information

Examination of social media profiles and personal blogs

Geolocation based on background details in photographs

Why is compromising an authoritative DNS server and adding new host records considered more effective for adversaries compared to using malicious domains?

It's more likely to bypass both network and human sensors

It provides faster DNS resolution

It allows for unlimited domain creation

What is the primary advantage for adversaries in using a DDNS domain with a very low Time-To-Live (TTL) value?

It allows for rapid changes in IP address mapping

It makes the domain resolve faster

It improves the overall network performance

It helps hide the true identity of the domain owner

In the "Poison Hurricane" case study, what was the primary vulnerability in Hurricane Electric's DNS hosting service that allowed adversaries to redirect legitimate traffic to malicious IP addresses?

Hurricane Electric's DNS hosting service did not verify whether the domain being registered was already hosted elsewhere, allowing adversaries to create DNS entries for existing domains like " www.adobe.com " and point them to malicious IPs.

Hurricane Electric's DNS servers were vulnerable to DDoS attacks, which allowed adversaries to overwhelm legitimate DNS traffic.

Hurricane Electric's DNS servers were outdated and had known vulnerabilities, which allowed adversaries to compromise the servers directly.

Hurricane Electric's DNS hosting service required no authentication, allowing anyone to modify DNS records without verification.

Which information can not be revealed from the below timestamps and program database (PDB) strings in the GravityRAT samples ?

The specific functions and behavior of the malware

The compilation dates of the malware samples

The directory paths where the malware was compiled

The SHA256 hashes of the malware samples

Which of the following best describes the concept of "human fingerprints" in malware analysis?

Adversary choices and artifacts that provide insight into the humans behind the malware

Literal fingerprints left on keyboards by careless hackers

Unique coding patterns that identify specific malware families

Biometric data embedded in malware for authentication purposes

How should CTI teams handle the generation of intelligence requirements?

By proactively creating and positioning requirements for feedback

By waiting for consumers to define their needs

By following a fixed template provided by senior management

By focusing solely on technical data collection

What can be a major source of generating intelligence requirements

The organization’s threat model

Historical data from previous intrusions

You're analyzing a series of attacks against your industry. How would the VCAF (Victim-Centric Attack Framework) MOST effectively contribute to your analysis?

By categorizing the attacker's tactics, techniques, and procedures (TTPs)

By providing a detailed timeline of the attacker's actions

By estimating the financial impact of each attack

By identifying the specific malware variants used in each attack

While applying the Diamond Model to a recent campaign, you notice a consistent infrastructure but varying capabilities. What does this MOST likely indicate about the threat actor?

They are reusing infrastructure across multiple operations

They are rapidly evolving their tactics

They are part of a larger, coordinated group

They are attempting to mislead attribution efforts

Your team has identified multiple ways to counter a persistent threat. How would you BEST use the Courses of Action Matrix to present options to leadership?

Evaluate each action's potential impact on business operations

Rank actions solely based on their technical effectiveness

Prioritize actions that have worked for other organizations

Focus on actions that require the least resources to implement

You've been tasked with improving your SOC's detection capabilities. How could you MOST effectively leverage the MITRE ATT&CK framework for this purpose?

Map your current detections to identify coverage gaps

Use it to generate a comprehensive list of all possible alerts

Replace your existing alert system with ATT&CK's categories

Focus exclusively on detecting techniques used by APT groups

Cti Quiz

Authored by Tevfik Pehlivan

Mathematics

Professional Development

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

24 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the role of a Collection Management Framework (CMF)?

To store all collected threat data securely

To plan how data is collected, from where, and what type

To manage the budget for the CTI team

To train new analysts in threat detection

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following best describes Priority Intelligence Requirements (PIRs)?

Optional requirements

Mission-critical requirements

Software-generated requirements

External threat requirements

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What should be done when executives request attribution on a specific threat group without first-hand data?

Provide a generic report

Outsource the analysis

Clarify that the requirement cannot be confidently satisfied

Ignore the request

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

During a recent financial breach investigation, you discover malware behavior similar to the Carbanak group. Which of the following scenarios is MOST likely based on this group's tactics?

Unauthorized SWIFT transfers to offshore accounts

ATM machines dispensing cash at predetermined times

Modification of database records to inflate account balances

Encryption of financial records for ransom

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following statements best describes the significance of Industroyer (also known as Crashoverride) malware in the context of cyber threats to critical infrastructure?

It was the first malware to specifically target smart home devices, highlighting vulnerabilities in IoT infrastructure.

It was the first known malware designed to disrupt electric grid operations, capable of causing power outages by attacking multiple industrial control protocols.

It was primarily a data exfiltration tool, focusing on stealing sensitive information from power companies without causing operational disruptions.

It was a cryptocurrency mining malware that specifically targeted the computing infrastructure of power plants, affecting their operational efficiency.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Your team needs to gather intelligence on a new threat actor targeting your industry. Which approach within the External Collection Management Framework would be MOST effective for prioritizing your collection efforts?

Focusing solely on technical indicators from previous attacks

Aligning collection requirements with your organization's strategic objectives

Maximizing the volume of data collected from all available sources

Relying primarily on open-source intelligence (OSINT) to reduce costs

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You're investigating a sophisticated supply chain attack. Using the Target-Centric Intelligence Analysis model, what should be your FIRST step?

Identify all potential adversaries capable of such an attack

Define the specific target of interest within the supply chain

Collect all available data related to supply chain attacks

Assess the impact on your organization's operations

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Mathematics

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

Cti Quiz

What is the role of a Collection Management Framework (CMF)?

Which of the following best describes Priority Intelligence Requirements (PIRs)?

What should be done when executives request attribution on a specific threat group without first-hand data?

During a recent financial breach investigation, you discover malware behavior similar to the Carbanak group. Which of the following scenarios is MOST likely based on this group's tactics?

Which of the following statements best describes the significance of Industroyer (also known as Crashoverride) malware in the context of cyber threats to critical infrastructure?

Your team needs to gather intelligence on a new threat actor targeting your industry. Which approach within the External Collection Management Framework would be MOST effective for prioritizing your collection efforts?

You're investigating a sophisticated supply chain attack. Using the Target-Centric Intelligence Analysis model, what should be your FIRST step?

In system-level analysis for detecting malware installation, which of the following is NOT typically considered a strong indicator of malicious activity when found in Internet Explorer's temporary files?

In the context of cyber threat intelligence, which of the following is NOT considered a primary source for obtaining malware samples?

Which of the following is considered one of the basic, most pivotable indicator types in cyber threat intelligence, and is often associated with compromised systems, actor registrations, or Dynamic DNS?

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Mathematics