312-85 Exam - Certified Threat Intelligence Analyst

NEW QUESTION 1
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular log in patterns from locations where the organization does not have business relations. This resembles that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

• A. Unusual outbound network traffic
• B. Unexpected patching of systems
• C. Unusual activity through privileged user account
• D. Geographical anomalies

Answer: C

NEW QUESTION 2
In which of the following forms of bulk data collection are large amounts of data first collected from multiple sources in multiple formats and then processed to achieve threat intelligence?

• A. Structured form
• B. Hybrid form
• C. Production form
• D. Unstructured form

Answer: D

NEW QUESTION 3
Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat information from a variety of sources. He wants to use this information to develop security policies to enhance the overall security posture of his organization.
Which of the following sharing platforms should be used by Kim?

• A. Cuckoo sandbox
• B. OmniPeek
• C. PortDroid network analysis
• D. Blueliv threat exchange network

Answer: D

NEW QUESTION 4
In a team of threat analysts, two individuals were competing over projecting their own hypotheses on a given malware. However, to find logical proofs to confirm their hypotheses, the threat intelligence manager used a de-biasing strategy that involves learning strategic decision making in the circumstances comprising multistep interactions with numerous representatives, either having or without any perfect relevant information.
Which of the following de-biasing strategies the threat intelligence manager used to confirm their hypotheses?

• A. Game theory
• B. Machine learning
• C. Decision theory
• D. Cognitive psychology

Answer: C

NEW QUESTION 5
Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages:
Stage 1: Build asset-based threat profiles
Stage 2: Identify infrastructure vulnerabilities
Stage 3: Develop security strategy and plans
Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

• A. TRIKE
• B. VAST
• C. OCTAVE
• D. DREAD

Answer: C

NEW QUESTION 6
Henry. a threat intelligence analyst at ABC Inc., is working on a threat intelligence program. He was assigned to work on establishing criteria for prioritization of intelligence needs and requirements.
Which of the following considerations must be employed by Henry to prioritize intelligence requirements?

• A. Understand frequency and impact of a threat
• B. Understand data reliability
• C. Develop a collection plan
• D. Produce actionable data

Answer: A

NEW QUESTION 7
An attacker instructs bots to use camouflage mechanism to hide his phishing and malware delivery locations in the rapidly changing network of compromised bots. In this particular technique, a single domain name consists of multiple IP addresses.
Which of the following technique is used by the attacker?

• A. DNS zone transfer
• B. Dynamic DNS
• C. DNS interrogation
• D. Fast-Flux DNS

Answer: D

NEW QUESTION 8
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

• A. Sandboxing
• B. Normalization
• C. Data visualization
• D. Convenience sampling

Answer: B

NEW QUESTION 9
Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources against various threats. Information shared by Alice was highly technical and include threat actor TTPs, malware campaigns, tools used by threat actors, and so on.
Which of the following types of threat intelligence was shared by Alice?

• A. Strategic threat intelligence
• B. Tactical threat intelligence
• C. Technical threat intelligence
• D. Operational threat intelligence

Answer: C

NEW QUESTION 10
Which of the following components refers to a node in the network that routes the traffic from a workstation to external command and control server and helps in identification of installed malware in the network?

• A. Repeater
• B. Gateway
• C. Hub
• D. Network interface card (NIC)

Answer: B

NEW QUESTION 11
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?

• A. Jim should identify the attack at an initial stage by checking the content of the user agent field.
• B. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.
• C. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
• D. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.

Answer: C

NEW QUESTION 12
An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence.
Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must consist of a right balance between tables, narrative, numbers, graphics, and multimedia?

• A. The right time
• B. The right presentation
• C. The right order
• D. The right content

Answer: B

NEW QUESTION 13
Which of the following characteristics of APT refers to numerous attempts done by the attacker to gain entry to the target’s network?

• A. Risk tolerance
• B. Timeliness
• C. Attack origination points
• D. Multiphased

Answer: C

NEW QUESTION 14
An analyst is conducting threat intelligence analysis in a client organization, and during the information gathering process, he gathered information from the publicly available sources and analyzed to obtain a rich useful form of intelligence. The information source that he used is primarily used for national security, law enforcement, and for collecting intelligence required for business or strategic decision making.
Which of the following sources of intelligence did the analyst use to collect information?

• A. OPSEC
• B. ISAC
• C. OSINT
• D. SIGINT

Answer: C

NEW QUESTION 15
ABC is a well-established cyber-security company in the United States. The organization implemented the automation of tasks such as data enrichment and indicator aggregation. They also joined various communities to increase their knowledge about the emerging threats. However, the security teams can only detect and prevent identified threats in a reactive approach.
Based on threat intelligence maturity model, identify the level of ABC to know the stage at which the
organization stands with its security and vulnerabilities.

• A. Level 2: increasing CTI capabilities
• B. Level 3: CTI program in place
• C. Level 1: preparing for CTI
• D. Level 0: vague where to start

Answer: A

NEW QUESTION 16
......