NEW QUESTION 1
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?

• A. Jim should identify the attack at an initial stage by checking the content of the user agent field.
• B. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.
• C. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
• D. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.

Answer: C

NEW QUESTION 2
What is the correct sequence of steps involved in scheduling a threat intelligence program?
* 1. Review the project charter
* 2. Identify all deliverables
* 3. Identify the sequence of activities
* 4. Identify task dependencies
* 5. Develop the final schedule
* 6. Estimate duration of each activity
* 7. Identify and estimate resources for all activities
* 8. Define all activities
* 9. Build a work breakdown structure (WBS)

• A. 1-->9-->2-->8-->3-->7-->4-->6-->5
• B. 3-->4-->5-->2-->1-->9-->8-->7-->6
• C. 1-->2-->3-->4-->5-->6-->9-->8-->7
• D. 1-->2-->3-->4-->5-->6-->7-->8-->9

Answer: A

NEW QUESTION 3
Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources against various threats. Information shared by Alice was highly technical and include threat actor TTPs, malware campaigns, tools used by threat actors, and so on.
Which of the following types of threat intelligence was shared by Alice?

• A. Strategic threat intelligence
• B. Tactical threat intelligence
• C. Technical threat intelligence
• D. Operational threat intelligence

Answer: C

NEW QUESTION 4
In which of the following attacks does the attacker exploit vulnerabilities in a computer application before the software developer can release a patch for them?

• A. Active online attack
• B. Zero-day attack
• C. Distributed network attack
• D. Advanced persistent attack

Answer: B

NEW QUESTION 5
In a team of threat analysts, two individuals were competing over projecting their own hypotheses on a given malware. However, to find logical proofs to confirm their hypotheses, the threat intelligence manager used a de-biasing strategy that involves learning strategic decision making in the circumstances comprising multistep interactions with numerous representatives, either having or without any perfect relevant information.
Which of the following de-biasing strategies the threat intelligence manager used to confirm their hypotheses?

• A. Game theory
• B. Machine learning
• C. Decision theory
• D. Cognitive psychology

Answer: C

NEW QUESTION 6
Joe works as a threat intelligence analyst with Xsecurity Inc. He is assessing the TI program by comparing the project results with the original objectives by reviewing project charter. He is also reviewing the list of expected deliverables to ensure that each of those is delivered to an acceptable level of quality.
Identify the activity that Joe is performing to assess a TI program’s success or failure.

• A. Determining the fulfillment of stakeholders
• B. Identifying areas of further improvement
• C. Determining the costs and benefits associated with the program
• D. Conducting a gap analysis

Answer: D

NEW QUESTION 7
Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on the security rather than other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data.
Which of the following techniques will help Alice to perform qualitative data analysis?

• A. Regression analysis, variance analysis, and so on
• B. Numerical calculations, statistical modeling, measurement, research, and so on.
• C. Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on
• D. Finding links between data and discover threat-related information

Answer: C

NEW QUESTION 8
Which of the following characteristics of APT refers to numerous attempts done by the attacker to gain entry to the target’s network?

• A. Risk tolerance
• B. Timeliness
• C. Attack origination points
• D. Multiphased

Answer: C

NEW QUESTION 9
A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?

• A. DHCP attacks
• B. MAC spoofing attack
• C. Distributed Denial-of-Service (DDoS) attack
• D. Bandwidth attack

Answer: C

NEW QUESTION 10
Jame, a professional hacker, is trying to hack the confidential information of a target organization. He identified the vulnerabilities in the target system and created a tailored deliverable malicious payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of cyber kill chain methodology is Jame executing?

• A. Reconnaissance
• B. Installation
• C. Weaponization
• D. Exploitation

Answer: C

NEW QUESTION 11
Karry, a threat analyst at an XYZ organization, is performing threat intelligence analysis. During the data collection phase, he used a data collection method that involves no participants and is purely based on analysis and observation of activities and processes going on within the local boundaries of the organization.
Identify the type data collection method used by the Karry.

• A. Active data collection
• B. Passive data collection
• C. Exploited data collection
• D. Raw data collection

Answer: B

NEW QUESTION 12
Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between two organizations depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?

• A. Mediated trust
• B. Mandated trust
• C. Direct historical trust
• D. Validated trust

Answer: D

NEW QUESTION 13
Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?

• A. Intelligence related to increased attacks targeting a particular software or operating system vulnerability
• B. Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)
• C. Intelligence extracted latest attacks analysis on similar organizations, which includes details about latest threats and TTPs
• D. Intelligence that reveals risks related to various strategic business decisions

Answer: B

NEW QUESTION 14
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

• A. Sandboxing
• B. Normalization
• C. Data visualization
• D. Convenience sampling

Answer: B

NEW QUESTION 15
Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis. While performing data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication and when a request is generated from any name server to the recursive DNS server, the recursive DNS servers log the responses that are received. Then it replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data collection?

• A. Data collection through passive DNS monitoring
• B. Data collection through DNS interrogation
• C. Data collection through DNS zone transfer
• D. Data collection through dynamic DNS (DDNS)

Answer: B

NEW QUESTION 16
......