312-85 Exam Questions - Online Test



Because all that matters here is passing the EC-Council 312-85 exam, and all that you need is a high score on the 312-85 Certified Threat Intelligence Analyst exam. The only thing you need to do is download the Examcollection 312-85 exam study guides now. We will not let you down with our money-back guarantee.

Free 312-85 Demo Online For EC-Council Certification:

NEW QUESTION 1
Tracy works as a CISO in a large multinational company. She consumes threat intelligence to understand the changing trends of cyber security. She requires intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, improvement of processes, and staff. The intelligence helps her in minimizing business risks and protecting the new technology and business initiatives.
Identify the type of threat intelligence consumer that Tracy is.

  • A. Tactical users
  • B. Strategic users
  • C. Operational users
  • D. Technical users

Answer: B

NEW QUESTION 2
Enrage Tech Company hired Enrique, a security analyst, to perform threat intelligence analysis. While performing the data collection process, he used a counterintelligence mechanism in which a recursive DNS server is employed to perform interserver DNS communication; when a request is generated from any name server to the recursive DNS server, the recursive DNS server logs the responses that are received. It then replicates the logged data and stores it in a central database. Using these logs, he analyzed the malicious attempts that took place over the DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering techniques has Enrique used for data collection?

  • A. Data collection through passive DNS monitoring
  • B. Data collection through DNS interrogation
  • C. Data collection through DNS zone transfer
  • D. Data collection through dynamic DNS (DDNS)

Answer: B

NEW QUESTION 3
Jame, a professional hacker, is trying to hack the confidential information of a target organization. He identified the vulnerabilities in the target system and created a tailored deliverable malicious payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of the cyber kill chain methodology is Jame executing?

  • A. Reconnaissance
  • B. Installation
  • C. Weaponization
  • D. Exploitation

Answer: C

NEW QUESTION 4
What is the correct sequence of steps involved in scheduling a threat intelligence program?
* 1. Review the project charter
* 2. Identify all deliverables
* 3. Identify the sequence of activities
* 4. Identify task dependencies
* 5. Develop the final schedule
* 6. Estimate duration of each activity
* 7. Identify and estimate resources for all activities
* 8. Define all activities
* 9. Build a work breakdown structure (WBS)

  • A. 1-->9-->2-->8-->3-->7-->4-->6-->5
  • B. 3-->4-->5-->2-->1-->9-->8-->7-->6
  • C. 1-->2-->3-->4-->5-->6-->9-->8-->7
  • D. 1-->2-->3-->4-->5-->6-->7-->8-->9

Answer: A

NEW QUESTION 5
SecurityTech Inc. is developing a TI plan from which it can derive more advantages with fewer funds. In the process of selecting a TI platform, it wants to incorporate a feature that ranks elements such as intelligence sources, threat actors, attacks, and digital assets of the organization, so that it can put more funds toward the resources that are critical for the organization’s security.
Which of the following key features should SecurityTech Inc. consider in their TI plan for selecting the TI platform?

  • A. Search
  • B. Open
  • C. Workflow
  • D. Scoring

Answer: D

NEW QUESTION 6
Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat information from a variety of sources. He wants to use this information to develop security policies to enhance the overall security posture of his organization.
Which of the following sharing platforms should be used by Kim?

  • A. Cuckoo sandbox
  • B. OmniPeek
  • C. PortDroid network analysis
  • D. Blueliv threat exchange network

Answer: D

NEW QUESTION 7
In which of the following storage architectures is the data stored in a localized system, server, or storage hardware, capable of storing a limited amount of data in its database, and locally available for data usage?

  • A. Distributed storage
  • B. Object-based storage
  • C. Centralized storage
  • D. Cloud storage

Answer: B

NEW QUESTION 8
An organization suffered many major attacks and lost critical information, such as employee records and financial information. Therefore, the management decides to hire a threat analyst to extract the strategic threat intelligence that provides high-level information regarding current cyber-security posture, threats, details on the financial impact of various cyber-activities, and so on.
Which of the following sources will help the analyst to collect the required intelligence?

  • A. Active campaigns, attacks on other organizations, data feeds from external third parties
  • B. OSINT, CTI vendors, ISAO/ISACs
  • C. Campaign reports, malware, incident reports, attack group reports, human intelligence
  • D. Human, social media, chat rooms

Answer: B

NEW QUESTION 9
Henry, a threat intelligence analyst at ABC Inc., is working on a threat intelligence program. He was assigned to work on establishing criteria for prioritization of intelligence needs and requirements.
Which of the following considerations must be employed by Henry to prioritize intelligence requirements?

  • A. Understand frequency and impact of a threat
  • B. Understand data reliability
  • C. Develop a collection plan
  • D. Produce actionable data

Answer: A

NEW QUESTION 10
A threat analyst obtains intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP addresses of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and its performance has gradually reduced. He further analyzes the information based on past and present experience and identifies the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?

  • A. DHCP attacks
  • B. MAC spoofing attack
  • C. Distributed Denial-of-Service (DDoS) attack
  • D. Bandwidth attack

Answer: C

NEW QUESTION 11
A team of threat intelligence analysts is performing threat analysis on malware, and each of them has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic processes must the threat intelligence manager use?

  • A. Threat modelling
  • B. Application decomposition and analysis (ADA)
  • C. Analysis of competing hypotheses (ACH)
  • D. Automated technical analysis

Answer: C

NEW QUESTION 12
Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources against various threats. Information shared by Alice was highly technical and included threat actor TTPs, malware campaigns, tools used by threat actors, and so on.
Which of the following types of threat intelligence was shared by Alice?

  • A. Strategic threat intelligence
  • B. Tactical threat intelligence
  • C. Technical threat intelligence
  • D. Operational threat intelligence

Answer: C

NEW QUESTION 13
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing techniques to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

  • A. Sandboxing
  • B. Normalization
  • C. Data visualization
  • D. Convenience sampling

Answer: B

NEW QUESTION 14
Michael, a threat analyst who works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?

  • A. Unknown unknowns
  • B. Unknowns unknown
  • C. Known unknowns
  • D. Known knowns

Answer: C

NEW QUESTION 15
Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used the traffic light protocol (TLP).
Which TLP color would signify that information should be shared only within a particular community?

  • A. Red
  • B. White
  • C. Green
  • D. Amber

Answer: D
