Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on. What should Jim do to detect the data staging before the hackers exfiltrate from the network?

Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.

Jim should identify the attack at an initial stage by checking the content of the user agent field.

Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.

Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.

A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack experienced by the client organization. Which of the following attacks is performed on the client organization?

Distributed Denial-of-Service (DDoS) attack

Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular log in patterns from locations where the organization does not have business relations. This resembles that somebody is trying to steal confidential information. Which of the following key indicators of compromise does this scenario present?

Unusual outbound network traffic

Unusual activity through privileged user account

What is the correct sequence of steps involved in scheduling a threat intelligence program? 1. Review the project charter 2. Identify all deliverables 3. Identify the sequence of activities 4. Identify task dependencies 5. Develop the final schedule 6. Estimate duration of each activity 7. Identify and estimate resources for all activities 8. Define all activities 9. Build a work breakdown structure (WBS)

1-->9-->2-->8-->3-->7-->4-->6-->5

3-->4-->5-->2-->1-->9-->8-->7-->6

1-->2-->3-->4-->5-->6-->9-->8-->7

1-->2-->3-->4-->5-->6-->7-->8-->9

Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat information from a variety of sources. He wants to use this information to develop security policies to enhance the overall security posture of his organization. Which of the following sharing platforms should be used by Kim?

Blueliv threat exchange network

During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary’s information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries. Identify the type of threat intelligence analysis is performed by John.

Tactical threat intelligence analysis

Operational threat intelligence analysis

Technical threat intelligence analysis

Strategic threat intelligence analysis

Joe works as a threat intelligence analyst with Xsecurity Inc. He is assessing the TI program by comparing the project results with the original objectives by reviewing project charter. He is also reviewing the list of expected deliverables to ensure that each of those is delivered to an acceptable level of quality. Identify the activity that Joe is performing to assess a TI program’s success or failure.

Determining the fulfillment of stakeholders

Identifying areas of further improvement

Determining the costs and benefits associated with the program

An organization suffered many major attacks and lost critical information, such as employee records, and financial information. Therefore, the management decides to hire a threat analyst to extract the strategic threat intelligence that provides high-level information regarding current cyber-security posture, threats, details on the financial impact of various cyber-activities, and so on. Which of the following sources will help the analyst to collect the required intelligence?

Active campaigns, attacks on other organizations, data feeds from external third parties

Campaign reports, malware, incident reports, attack group reports, human intelligence

Human, social media, chat rooms

Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider, who offered it at a very low cost. Through it was beneficial at the initial stage but relying on such data providers can produce unreliable data and noise putting the organization network into risk. What mistake Sam did that led to this situation?

Sam used unreliable intelligence sources.

Sam did not use the proper standardization formats for representing threat data.

Sam did not use the proper technology to use or consume the information.

An XYZ organization hired Mr. Andrews, a threat analyst. In order to identify the threats and mitigate the effect of such threats, Mr. Andrews was asked to perform threat modeling. During the process of threat modeling, he collected important information about the treat actor and characterized the analytic behavior of the adversary that includes technological details, goals, and motives that can be useful in building a strong countermeasure. What stage of the threat modeling is Mr. Andrews currently in?

Threat profiling and attribution

Threat determination and identification

Alison, an analyst in an XYZ organization, wants to retrieve information about a company’s website from the time of its inception as well as the removed information from the target website. What should Alison do to get the information he needs. A. Alison should use SmartWhois to extract the required website information. B. Alison should use https://archive.org to extract the required website information. C. Alison should run the Web Data Extractor tool to extract the required website information. D. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.

Alison should use https://archive.org to extract the required website information.

Alison should use SmartWhois to extract the required website information.

Alison should run the Web Data Extractor tool to extract the required website information.

Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.

ABC is a well-established cyber-security company in the United States. The organization implemented the automation of tasks such as data enrichment and indicator aggregation. They also joined various communities to increase their knowledge about the emerging threats. However, the security teams can only detect and prevent identified threats in a reactive approach. Based on threat intelligence maturity model, identify the level of ABC to know the stage at which the organization stands with its security and vulnerabilities. A. Level 2: increasing CTI capabilities B. Level 3: CTI program in place C. Level 1: preparing for CTI D. Level 0: vague where to start

Level 2: increasing CTI capabilities

Sarah is a security operations center (SOC) analyst working at JW Williams and Sons organization based in Chicago. As a part of security operations, she contacts information providers (sharing partners) for gathering information such as collections of validated and prioritized threat indicators along with a detailed technical analysis of malware samples, botnets, DDoS attack methods, and various other malicious tools. She further used the collected information at the tactical and operational levels. Sarah obtained the required information from which of the following types of sharing partner?

Providers of comprehensive cyber-threat intelligence

Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on the security rather than other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data. Which of the following techniques will help Alice to perform qualitative data analysis?

Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on

Regression analysis, variance analysis, and so on

Numerical calculations, statistical modeling, measurement, research, and so on.

Finding links between data and discover threat-related information

H&P, Inc. is a small-scale organization that has decided to outsource the network security monitoring due to lack of resources in the organization. They are looking for the options where they can directly incorporate threat intelligence into their existing network defense solutions. Which of the following is the most cost-effective methods the organization can employ?

Recruit managed security service providers (MSSP)

Look for an individual within the organization

Recruit data management solution provider

Henry. a threat intelligence analyst at ABC Inc., is working on a threat intelligence program. He was assigned to work on establishing criteria for prioritization of intelligence needs and requirements. Which of the following considerations must be employed by Henry to prioritize intelligence requirements?

Understand frequency and impact of a threat

A company, TechSoft Solutions, implemented a threat intelligence program and began developing operational capabilities obtained in the previous levels and created an organized team approach for strategic analysis. The company also established necessary intelligence processes and workflows to extract their own threat intelligence. Identify the threat intelligence maturity level at which the company stands.

Level 4: well-defined CTI program

Level 2: increasing CTI capabilities

IT Preparation Quiz

1.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social security numbers, personally identifiable information (PII) of an employee, and credit card information. After obtaining confidential data, he further sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor.

Industrial spies

State-sponsored hackers

Insider threat

Organized hackers

2.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An attacker instructs bots to use camouflage mechanism to hide his phishing and malware delivery locations in the rapidly changing network of compromised bots. In this particular technique, a single domain name consists of multiple IP addresses.
Which of the following technique is used by the attacker?

DNS zone transfer

Dynamic DNS

DNS interrogation

Fast-Flux DNS

3.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular community?

White

Green

Amber

Red

4.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Moses, a threat intelligence analyst at InfoTec Inc., wants to find crucial information about the potential threats the organization is facing by using advanced Google search operators. He wants to identify whether any fake websites are hosted at the similar to the organization’s URL.
Which of the following Google search queries should Moses use?

related: www.infothech.org

info: www.infothech.org

link: www.infothech.org

cache: www.infothech.org

5.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A team of threat intelligence analysts is performing threat analysis on malware, and each of them has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic processes must threat intelligence manager use?

Threat modelling

Application decomposition and analysis (ADA)

Analysis of competing hypotheses (ACH)

Automated technical analysis

6.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

Sandboxing

Normalization

Data visualization

Convenience sampling

7.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?

Intelligence related to increased attacks targeting a particular software or operating system vulnerability

Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)

Intelligence extracted latest attacks analysis on similar organizations, which includes details about latest threats and TTPs

Intelligence that reveals risks related to various strategic business decisions

8.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?

Unknown unknowns

Unknowns unknown

Known unknowns

Known knowns

9.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis. While performing data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication and when a request is generated from any name server to the recursive DNS server, the recursive DNS servers log the responses that are received. Then it replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data collection?

Data collection through passive DNS monitoring

Data collection through DNS interrogation

Data collection through DNS zone transfer

Data collection through dynamic DNS (DDNS)

10.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

John, a professional hacker, is trying to perform APT attack on the target organization network. He gains access to a single system of a target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?

Initial intrusion

Search and exfiltration

Expansion

Persistence

IT Preparation

63 questions

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular community?

Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

IT Preparation

63 questions

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).Which TLP color would you signify that information should be shared only within a particular community?

Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.Which of the following are the needs of a RedTeam?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular community?

Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?