
arcX Cyber Threat Intelligence 101 Answer

arcX Cyber Threat Intelligence 101 course



Course Summary

  • 100% online and on-demand self-study course 
  • 4+ hours of training content 
  • Includes 2.5+ hours of video training 
  • Engaging exercises 
  • 100+ practice questions 
  • arcX final micro exam


     


What is considered to be the foundation we use to build cyber threat intelligence?

 Intelligence Cycle

 Threat Feeds

 Analysis of Competing Hypotheses

 Analysis

 

A colleague has told you about an offer of money they have received to disclose sensitive organisational data. You do not know if they have carried out the action. You should report this information to your management. What type of consideration is this?

 Normal

 Legal and Ethical

 Legal

 Ethical

 

Why might it be good for a CTI analyst to feed off incident response?

 The CTI analyst can help with any post-incident recovery

 The CTI analyst can report into the board on how the clean up is going

 The CTI analyst can gain an understanding of how incident response do their job

 The CTI analyst could learn something about the threat actor that could help identify motivation, capability and intent

                       

A company hashes their data files in order to monitor whether information has been tampered with. Within the context of the CIA Triad, this example refers to?

 Confidentiality

 Integrity

 Availability

 

What is the purpose of the intelligence cycle?

 The process of developing raw information into finished intelligence for an end consumer

 The process of helping an organisation to ask good questions about their current security situation

 The process of converting questions into answers

 The process of taking intelligence and breaking it down into manageable and consumable nuggets

 

Which of these is a well-known threat actor?

 Lazarus Group

 Lazer Quest

 Pirates of the Caribbean

 Davos

 

In terms of Nation State hacking groups, which country would we typically attribute 'Fancy Bear' to?

 North Korea

 United Kingdom

 China

 Russia

 

When considering the hacker hat categories (Black, White, Grey) what would be considered as the major differentiating factor?

 Consent

 Capability

 Motivation

 Legality

 

The process of taking vast amounts of data and collating it into digestible information occurs at which stage of the intelligence cycle?

 Direction

 Dissemination

 Analysis

 Collection

 

Intelligence does not create itself… we need which of the following to help steer us?

 Dissemination

 A Cyber Attack

 Orders

 Direction

 

When do organisations typically invest the most money in cyber security?      

 Upon CTI recommendations

 After a breach

 Beginning of the financial year

 Before a breach

                                                                                                                     

What does APT stand for within the context of Cyber Threat Intelligence?

 Attack Protocol Training

 Advanced Profiled Threat

 Advanced Persistent Threat

 Attacking Persistent Threat

 

Threat hunting within log files would be an appropriate discussion point at which communication level?

 Operational

 Confidential

 Strategic

 Tactical

 

In which of the following attacks does the attacker exploit vulnerabilities in a computer application before the software developer can release a patch for them?

 Insider Attack

 Ransomware Attack

 Cyber Attack

 Zero-day Attack

 

A school uses clustered servers to ensure that its students are always able to submit their coursework, even if a server is down for maintenance. Server clustering enables which aspect of the CIA Triad?

 Integrity

 Confidentiality

 Availability

 

Which of these acts is relevant to you as a CTI analyst?

 National Secrets Act 1938

 Intelligence Act 1998

 Cyber Security Act 2003

 Official Secrets Act 1989

 

What does CTI stand for?

 Cyber Threat Investigation

 Combined Threat Intelligence

 Cyber Threat Intelligence

 Cyber Threat Information

 

CTI, within the context of an organisation, is able to interact with the Security Operations Centre in the following way(s)?

 Take information out and pass it on

 Feed information in and take information out

 Feed information in

 Take information out

 

Which of the following would be considered a legal issue?

 Reporting a breach

 Finding and keeping a wallet found on the floor

 Not following company password policy

 Not telling your organisation about a potential system vulnerability

 

Which are the 3 primary ways of measuring threat actors?

 Capability, Access and Intent      

 Motivation, Experience and Access

 Motivation, Access and Intent

 Motivation, Capability and Intent


When an organisation suffers a data breach what would we hope to see happen as potential customers?

 Responsible disclosures

 Finding out who was responsible

 Reputational repair        

 Revenue saving operations

 

What is the process of forming a secure barrier between the steps of the intelligence cycle called?

 Brick Wall

 Stable Barrier

 Sterile Corridor

 Security Perimeter

 

Threat Intelligence is great at showing organisations the risks they face from external threats but which of the following risks would Threat Intelligence not be helpful for?

 Indicators of Compromise

 Advanced Persistent Threats

 Loss of Competitive Advantage

 Zero-day Threats

 

What does TTP stand for?

 Tactics, Techniques and Procedures

 Training, Techniques and Procedures

 Threats, Training and Policy

 Tactics, Threats and Preconceptions


Only authorised personnel at a company have write access to certain files. Within the context of the CIA Triad, this example refers to what?

 Availability

 Confidentiality

 Integrity




