Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).

Which TLP color would you signify that information should be shared only within a particular community?

A.

Red

B.

White

C.

Green

D.

Amber

Full Access
Question # 5

A network administrator working in an ABC organization collected log files generated by a traffic monitoring system, which may not seem to have useful information, but afterperforming proper analysis by him, the same information can be used to detect an attack in the network.

Which of the following categories of threat information has he collected?

A.

Advisories

B.

Strategic reports

C.

Detection indicators

D.

Low-level data

Full Access
Question # 6

A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack experienced by the client organization.

Which of the following attacks is performed on the client organization?

A.

DHCP attacks

B.

MAC spoofing attack

C.

Distributed Denial-of-Service (DDoS) attack

D.

Bandwidth attack

Full Access
Question # 7

Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.

Which of the following online sources should Alice use to gather such information?

A.

Financial services

B.

Social network settings

C.

Hacking forums

D.

Job sites

Full Access
Question # 8

Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages:

Stage 1: Build asset-based threat profiles

Stage 2: Identify infrastructure vulnerabilities

Stage 3: Develop security strategy and plans

Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

A.

TRIKE

B.

VAST

C.

OCTAVE

D.

DREAD

Full Access
Question # 9

John, a professional hacker, is trying to perform APT attack on the target organization network. He gains access to a single system of a target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.

What phase of the advanced persistent threat lifecycle is John currently in?

A.

Initial intrusion

B.

Search and exfiltration

C.

Expansion

D.

Persistence

Full Access
Question # 10

During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary’s information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.

Identify the type of threat intelligence analysis is performed by John.

A.

Operational threat intelligence analysis

B.

Technical threat intelligence analysis

C.

Strategic threat intelligence analysis

D.

Tactical threat intelligence analysis

Full Access
Question # 11

Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social security numbers, personally identifiable information (PII) of an employee, and credit card information. After obtaining confidential data, he further sells the information on the black market to make money.

Daniel comes under which of the following types of threat actor.

A.

Industrial spies

B.

State-sponsored hackers

C.

Insider threat

D.

Organized hackers

Full Access
Question # 12

Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on the security rather than other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data.

Which of the following techniques will help Alice to perform qualitative data analysis?

A.

Regression analysis, variance analysis, and so on

B.

Numerical calculations, statistical modeling, measurement, research, and so on.

C.

Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on

D.

Finding links between data and discover threat-related information

Full Access
Question # 13

Joe works as a threat intelligence analyst with Xsecurity Inc. He is assessing the TI program by comparing the project results with the original objectives by reviewing project charter. He is also reviewing the list of expected deliverables to ensure that each of those is delivered to an acceptable level of quality.

Identify the activity that Joe is performing to assess a TI program’s success or failure.

A.

Determining the fulfillment of stakeholders

B.

Identifying areas of further improvement

C.

Determining the costs and benefits associated with the program

D.

Conducting a gap analysis

Full Access
Question # 14

An organization suffered many major attacks and lost critical information, such as employee records, and financial information. Therefore, the management decides to hire a threat analyst to extract the strategic threat intelligence that provides high-level information regarding current cyber-security posture, threats, details on the financial impact of various cyber-activities, and so on.

Which of the following sources will help the analyst to collect the required intelligence?

A.

Active campaigns, attacks on other organizations, data feeds from external third parties

B.

OSINT, CTI vendors, ISAO/ISACs

C.

Campaign reports, malware, incident reports, attack group reports, human intelligence

D.

Human, social media, chat rooms

Full Access
Question # 15

Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.

Which of the following are the needs of a RedTeam?

A.

Intelligence related to increased attacks targeting a particular software or operating system vulnerability

B.

Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)

C.

Intelligence extracted latest attacks analysis on similar organizations, which includes details about latest threats and TTPs

D.

Intelligence that reveals risks related to various strategic business decisions

Full Access