Eccouncil 312-85 Exam Practice Test Instant Access

Question 1

Walter and Sons Company has faced major cyber attacks and lost confidential dat

a. The company has decided to concentrate more on the security rather than other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data.

Which of the following techniques will help Alice to perform qualitative data analysis?

ARegression analysis, variance analysis, and so on

BNumerical calculations, statistical modeling, measurement, research, and so on.

CBrainstorming, interviewing, SWOT analysis, Delphi technique, and so on

DFinding links between data and discover threat-related information

Answer : C

For Alice to perform qualitative data analysis, techniques such as brainstorming, interviewing, SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis, and the Delphi technique are suitable. Unlike quantitative analysis, which involves numerical calculations and statistical modeling, qualitative analysis focuses on understanding patterns, themes, and narratives within the data. These techniques enable the analyst to explore the data's deeper meanings and insights, which are essential for strategic decision-making and developing a nuanced understanding of cybersecurity threats and vulnerabilities. Reference:

'Qualitative Research Methods in Cybersecurity,' SANS Institute Reading Room

'The Delphi Method for Cybersecurity Risk Assessment,' by Cybersecurity and Infrastructure Security Agency (CISA)

Question 2

Sarah is a security operations center (SOC) analyst working at JW Williams and Sons organization based in Chicago. As a part of security operations, she contacts information providers (sharing partners) for gathering information such as collections of validated and prioritized threat indicators along with a detailed technical analysis of malware samples, botnets, DDoS attack methods, and various other malicious tools. She further used the collected information at the tactical and operational levels.

Sarah obtained the required information from which of the following types of sharing partner?

AProviders of threat data feeds

BProviders of threat indicators

CProviders of comprehensive cyber-threat intelligence

DProviders of threat actors

Answer : C

The information Sarah is gathering, which includes collections of validated and prioritized threat indicators along with detailed technical analysis of malware samples, botnets, DDoS methods, and other malicious tools, indicates that she is obtaining this intelligence from providers of comprehensive cyber-threat intelligence. These providers offer a holistic view of the threat landscape, combining tactical and operational threat data with in-depth analysis and context, enabling security teams to make informed decisions and strategically enhance their defenses. Reference:

'Cyber Threat Intelligence Providers: How to Choose the Right One for Your Organization,' by CrowdStrike

'The Role of Comprehensive Cyber Threat Intelligence in Effective Cybersecurity Strategies,' by FireEye

Question 3

Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception as well as the removed information from the target website.

What should Alison do to get the information he needs.

AAlison should use SmartWhois to extract the required website information.

BAlison should use https://archive.org to extract the required website information.

CAlison should run the Web Data Extractor tool to extract the required website information.

DAlison should recover cached pages of the website from the Google search engine cache to extract the required website information.

Answer : B

To retrieve historical information about a company's website, including content that may have been removed or altered, Alison should use the Internet Archive's Wayback Machine, accessible at https://archive.org. The Wayback Machine is a digital archive of the World Wide Web and other information on the Internet, providing free access to snapshots of websites at various points in time. This tool is invaluable for researchers and analysts looking to understand the evolution of a website or recover lost information. Reference:

'Using the Wayback Machine for Cybersecurity Research,' Internet Archive Blogs

'Digital Forensics with the Archive's Wayback Machine,' by Jeff Kaplan, Internet Archive

Question 4

An XYZ organization hired Mr. Andrews, a threat analyst. In order to identify the threats and mitigate the effect of such threats, Mr. Andrews was asked to perform threat modeling. During the process of threat modeling, he collected important information about the treat actor and characterized the analytic behavior of the adversary that includes technological details, goals, and motives that can be useful in building a strong countermeasure.

What stage of the threat modeling is Mr. Andrews currently in?

ASystem modeling

BThreat determination and identification

CThreat profiling and attribution

DThreat ranking

Answer : C

During the threat modeling process, Mr. Andrews is in the stage of threat profiling and attribution, where he is collecting important information about the threat actor and characterizing the analytic behavior of the adversary. This stage involves understanding the technological details, goals, motives, and potential capabilities of the adversaries, which is essential for building effective countermeasures. Threat profiling and attribution help in creating a detailed picture of the adversary, contributing to a more focused and effective defense strategy. Reference:

'The Art of Threat Profiling,' by John Pirc, SANS Institute Reading Room

'Threat Modeling: Designing for Security,' by Adam Shostack

Question 5

Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources against various threats. Information shared by Alice was highly technical and include threat actor TTPs, malware campaigns, tools used by threat actors, and so on.

Which of the following types of threat intelligence was shared by Alice?

AStrategic threat intelligence

BTactical threat intelligence

CTechnical threat intelligence

DOperational threat intelligence

Answer : B

The information shared by Alice, which was highly technical and included details such as threat actor tactics, techniques, and procedures (TTPs), malware campaigns, and tools used by threat actors, aligns with the definition of tactical threat intelligence. This type of intelligence focuses on the immediate, technical indicators of threats and is used by security operation managers and network operations center (NOC) staff to protect organizational resources. Tactical threat intelligence is crucial for configuring security solutions and adjusting defense mechanisms to counteract known threats effectively. Reference:

'Tactical Cyber Intelligence,' Cyber Threat Intelligence Network, Inc.

'Cyber Threat Intelligence for Front Line Defenders: A Practical Guide,' by James Dietle

Question 6

Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider, who offered it at a very low cost. Through it was beneficial at the initial stage but relying on such data providers can produce unreliable data and noise putting the organization network into risk.

What mistake Sam did that led to this situation?

ASam used unreliable intelligence sources.

BSam used data without context.

CSam did not use the proper standardization formats for representing threat data.

DSam did not use the proper technology to use or consume the information.

Answer : A

Sam's mistake was using threat intelligence from sources that he did not verify for reliability. Relying on intelligence from unverified or unreliable sources can lead to the incorporation of inaccurate, outdated, or irrelevant information into the organization's threat intelligence program. This can result in 'noise,' which refers to irrelevant or false information that can distract from real threats, and potentially put the organization's network at risk. Verifying the credibility and reliability of intelligence sources is crucial to ensure that the data used for making security decisions is accurate and actionable. Reference:

'Best Practices for Threat Intelligence Sharing,' by FIRST (Forum of Incident Response and Security Teams)

'Evaluating Cyber Threat Intelligence Sources,' by Jon DiMaggio, SANS Institute InfoSec Reading Room

Question 7

A network administrator working in an ABC organization collected log files generated by a traffic monitoring system, which may not seem to have useful information, but after performing proper analysis by him, the same information can be used to detect an attack in the network.

Which of the following categories of threat information has he collected?

AAdvisories

BStrategic reports

CDetection indicators

DLow-level data

Answer : D

The network administrator collected log files generated by a traffic monitoring system, which falls under the category of low-level data. This type of data might not appear useful at first glance but can reveal significant insights about network activity and potential threats upon thorough analysis. Low-level data includes raw logs, packet captures, and other granular details that, when analyzed properly, can help detect anomalous behaviors or indicators of compromise within the network. This type of information is essential for detection and response efforts, allowing security teams to identify and mitigate threats in real-time. Reference:

'Network Forensics: Tracking Hackers through Cyberspace,' by Sherri Davidoff and Jonathan Ham, Prentice Hall

'Real-Time Detection of Anomalous Activity in Dynamic, Heterogeneous Information Systems,' IEEE Transactions on Information Forensics and Security

Eccouncil 312-85 Certified Threat Intelligence Analyst Exam Practice Test