ECCOUNCIL-CTIA

In which of the following levels of the threat hunting maturity model (HMM) does an organization use threat intelligence to search for anomalies in the network, follow the latest threat reports gathered from open and closed sources, and use open-source tools for analysis?

To extract useful intelligence from the gathered bulk data and to improve the efficiency of the composite bulk data, Sam, a threat analyst, follows a data analysis method where he creates a logical sequence of events based on the assumptions of an adversary’s proposed actions, mechanisms, indicators, and implications. To develop accurate predictions, he further takes into consideration the important factors including bad actors, methods, vulnerabilities, targets, and so on. Which of the following data analysis methods is used by Sam to extract useful intelligence out of bulk data?

You are the leading cybersecurity analyst at financial institutions. An anomaly is detected in the network, suggesting a potential security threat. To proactively investigate and mitigate the risk, arrange the following steps in the correct sequence as part of the threat hunting process: 1) Investigation 2) Collect and process data 3) Response 4) Hypothesis 5) Trigger a) 5 –> 3 –> 1 –> 4 –> 2 b) 3 –> 2 –> 5 –> 1 –> 4 c) 4 –> 1 –> 3 –> 5 –> 2 d) 4 –> 2 –> 5 –> 1 –> 3

Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats. What stage of the cyber-threat intelligence is Michael currently in?

Philip, a professional hacker, is planning to attack an organization. In order to collect information, he covertly collects information from the target person by maintaining a personal or other relationship with the target person. Which of the following intelligence sources is used by Philip to collect information about the target organization?

Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social security numbers, personally identifiable information (PII) of an employee, and credit card information. After obtaining confidential data, he further sells the information on the black market to make money. Daniel comes under which of the following types of threat actor.

John, a professional hacker, is trying to perform APT attack on the target organization network. He gains access to a single system of a target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques. What phase of the advanced persistent threat lifecycle is John currently in?

Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on. What should Jim do to detect the data staging before the hackers exfiltrate from the network?

Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between two organizations depends on the degree and quality of evidence provided by the first organization. Which of the following types of trust model is used by Garry to establish the trust?

A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack experienced by the client organization. Which of the following attacks is performed on the client organization?

A threat analyst wants to incorporate a requirement in the threat knowledge repository that provides an ability to modify or delete past or irrelevant threat data. Which of the following requirement must he include in the threat knowledge repository to fulfil his needs?

A consortium was established in a collaborative effort to strengthen the cybersecurity posture of multiple organizations within an industry sector. The participating entities decided to adopt a threat intelligence exchange architecture in which all threat data is collected, analyzed, and disseminated through a single central hub. What type of threat intelligence exchange architecture was implemented in this scenario?

A company, TechSoft Solutions, implemented a threat intelligence program and began developing operational capabilities obtained in the previous levels and created an organized team approach for strategic analysis. The company also established necessary intelligence processes and workflows to extract their own threat intelligence. Identify the threat intelligence maturity level at which the company stands.

You are a cybersecurity analyst working at a financial institution. An unusual pattern of financial transactions was detected, suggesting potential fraud or money laundering. What specific type of threat intelligence would you rely on to analyze these financial activities and identify potential risks?

Sean works as a threat intelligence analyst. He is assigned a project for information gathering on a client’s network to find a potential threat. He started analysis and was trying to find out the company’s internal URLs, looking for any information about the different departments and business units. He was unable to find any information. What should Sean do to get the information he needs?

Marry wants to follow an iterative and incremental approach to prioritize requirements in order to protect the important assets of an organization against attacks. She wants to set the requirements based on the order of priority, where the most important requirement must be met before, for a greater chance of success. She wants to apply prioritization tasks, scenarios, use cases, tests, and so on. Which of the following methodologies should Marry use to prioritize the requirements?

Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data. Which of the following techniques was employed by Miley?

John, a threat intelligence analyst in Cybertech Company, was asked to obtain information that provides greater insight into the current cyber risks. To gather such information, John needs to find the answer of the following questions: • Why the organization might be attacked? • How the organization might be attacked? • Who might be the intruders? Identity the type of security testing John is going to perform.

Kira works as a security analyst in an organization. She was asked to define and set up the requirements before collecting threat intelligence information. The requirements should focus on what must be collected in order to fulfil production intelligence. Which of the following categories of threat intelligence requirements should Kira focus on?

Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization. Which of the following are the needs of a RedTeam?

What is the correct sequence of steps involved in scheduling a threat intelligence program? 1. Review the project charter 2. Identify all deliverables 3. Identify the sequence of activities 4. Identify task dependencies 5. Develop the final schedule 6. Estimate duration of each activity 7. Identify and estimate resources for all activities 8. Define all activities 9. Build a work breakdown structure (WBS)

Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat information from a variety of sources. He wants to use this information to develop security policies to enhance the overall security posture of his organization. Which of the following sharing platforms should be used by Kim?

During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary’s information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries. Identify the type of threat intelligence analysis is performed by John.

SecurityTech Inc. is developing a TI plan where it can drive more advantages in less funds. In the process of selecting a TI platform, it wants to incorporate a feature that ranks elements such as intelligence sources, threat actors, attacks, and digital assets of the organization, so that it can put in more funds toward the resources which are critical for the organization’s security. Which of the following key features should SecurityTech Inc. consider in their TI plan for selecting the TI platform?

Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence. Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom. What stage of ACH is Bob currently in?

Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header. Connection status and content type Accept-ranges and last-modified information X-powered-by information - Web server in use and its version Which of the following tools should the Tyrion use to view header content?

Joe works as a threat intelligence analyst with Xsecurity Inc. He is assessing the TI program by comparing the project results with the original objectives by reviewing project charter. He is also reviewing the list of expected deliverables to ensure that each of those is delivered to an acceptable level of quality. Identify the activity that Joe is performing to assess a TI program’s success or failure.

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP). Which TLP color would you signify that information should be shared only within a particular community?

An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence. Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must consist of a right balance between tables, narrative, numbers, graphics, and multimedia?

Tracy works as a CISO in a large multinational company. She consumes threat intelligence to understand the changing trends of cyber security. She requires intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, improvement of processes, and staff. The intelligence helps her in minimizing business risks and protecting the new technology and business initiatives. Identify the type of threat intelligence consumer is Tracy.