Eccouncil 312-85 Exam Practice Test Instant Access

Question 1

Tim is working as an analyst in an ABC organization. His organization had been facing many challenges in converting the raw threat intelligence data into meaningful contextual information. After inspection, he found that it was due to noise obtained from misrepresentation of data from huge data collections. Hence, it is important to clean the data before performing data analysis using techniques such as data reduction. He needs to choose an appropriate threat intelligence framework that automatically performs data collection, filtering, and analysis for his organization.

Which of the following threat intelligence frameworks should he choose to perform such task?

AHighCharts

BSIGVERIF

CThreat grid

DTC complete

Answer : C

Threat Grid is a threat intelligence and analysis platform that offers advanced capabilities for automatic data collection, filtering, and analysis. It is designed to help organizations convert raw threat data into meaningful, actionable intelligence. By employing advanced analytics and machine learning, Threat Grid can reduce noise from large data sets, helping to eliminate misrepresentations and enhance the quality of the threat intelligence. This makes it an ideal choice for Tim, who is looking to address the challenges of converting raw data into contextual information and managing the noise from massive data collections. Reference:

'Cisco Threat Grid: Unify Your Threat Defense,' Cisco

'Integrating and Automating Threat Intelligence,' by Threat Grid

Question 2

Tracy works as a CISO in a large multinational company. She consumes threat intelligence to understand the changing trends of cyber security. She requires intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, improvement of processes, and staff. The intelligence helps her in minimizing business risks and protecting the new technology and business initiatives.

Identify the type of threat intelligence consumer is Tracy.

ATactical users

BStrategic users

COperational users

DTechnical users

Answer : B

Tracy, as a Chief Information Security Officer (CISO), requires intelligence that aids in understanding broader business and cybersecurity trends, making informed decisions regarding new technologies, security budgets, process improvements, and staffing. This need aligns with the role of a strategic user of threat intelligence. Strategic users leverage intelligence to guide long-term planning and decision-making, focusing on minimizing business risks and safeguarding against emerging threats to new technology and business initiatives. This type of intelligence is less about the technical specifics of individual threats and more about understanding the overall threat landscape, regulatory environment, and industry trends to inform high-level strategy and policy. Reference:

'The Role of Strategic Intelligence in Cybersecurity,' Journal of Cybersecurity Education, Research and Practice

'Cyber Threat Intelligence and the Lessons from Law Enforcement,' by Robert M. Lee and David Bianco, SANS Institute Reading Room

Question 3

An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence.

Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must consist of a right balance between tables, narrative, numbers,

graphics, and multimedia?

AThe right time

BThe right presentation

CThe right order

DThe right content

Answer : B

For intelligence to be effectively disseminated and utilized by consumers, it must be presented in a manner that is concise, accurate, easily understandable, and engaging. This involves a careful balance of narrative, numerical data, tables, graphics, and potentially multimedia elements to convey the information clearly and compellingly. The right presentation takes into account the preferences and needs of the intelligence consumers, as well as the context and urgency of the information. By focusing on how the intelligence is presented, the analyst ensures that the content is not only consumed but also actionable, facilitating informed decision-making.

Question 4

Joe works as a threat intelligence analyst with Xsecurity Inc. He is assessing the TI program by comparing the project results with the original objectives by reviewing project charter. He is also reviewing the list of expected deliverables to ensure that each of those is delivered to an acceptable level of quality.

Identify the activity that Joe is performing to assess a TI program's success or failure.

ADetermining the fulfillment of stakeholders

BIdentifying areas of further improvement

CDetermining the costs and benefits associated with the program

DConducting a gap analysis

Answer : D

By assessing the Threat Intelligence (TI) program through a comparison of project results with the original objectives, and by ensuring that all expected deliverables have been produced to an acceptable quality level, Joe is conducting a gap analysis. Gap analysis involves identifying the difference between the current state and the desired state or objectives, in this case, the outcomes of the TI program versus its intended goals as outlined in the project charter. This process allows for the assessment of what was successful, what fell short, and where improvements can be made, thereby evaluating the program's overall effectiveness and identifying areas for future enhancement. Reference:

'Project Management Body of Knowledge (PMBOK)' by the Project Management Institute

'Intelligence Analysis: A Target-Centric Approach' by Robert M. Clark

Question 5

Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header.

Connection status and content type

Accept-ranges and last-modified information

X-powered-by information

Web server in use and its version

Which of the following tools should the Tyrion use to view header content?

AHydra

BAutoShun

CVanguard enforcer

DBurp suite

Answer : D

Burp Suite is a comprehensive tool used for web application security testing, which includes functionality for viewing and manipulating the HTTP/HTTPS headers of web page requests and responses. This makes it an ideal tool for someone like Tyrion, who is looking to perform website footprinting to gather information hidden in the web page header, such as connection status, content type, server information, and other metadata that can reveal details about the web server and its configuration. Burp Suite allows users to intercept, analyze, and modify traffic between the browser and the web server, which is crucial for uncovering such hidden information. Reference:

'Burp Suite Essentials' by Akash Mahajan

Official Burp Suite Documentation

Question 6

Which of the following components refers to a node in the network that routes the traffic from a workstation to external command and control server and helps in identification of installed malware in the network?

ARepeater

BGateway

CHub

DNetwork interface card (NIC)

Answer : B

A gateway in a network functions as a node that routes traffic between different networks, such as from a local network to the internet. In the context of cyber threats, a gateway can be utilized to monitor and control the data flow to and from the network, helping in the identification and analysis of malware communications, including traffic to external command and control (C2) servers. This makes it an essential component in detecting installed malware within a network by observing anomalies or unauthorized communications at the network's boundary. Unlike repeaters, hubs, or network interface cards (NICs) that primarily facilitate network connectivity without analyzing the traffic, gateways can enforce security policies and detect suspicious activities. Reference:

'Network Security Basics,' Security+ Guide to Network Security Fundamentals

'Malware Command and Control Channels: A Journey,' SANS Institute InfoSec Reading Room

Question 7

Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. He acquired feeds from sources like honeynets, P2P monitoring. infrastructure, and application logs.

Which of the following categories of threat intelligence feed was acquired by Jian?

AInternal intelligence feeds

BExternal intelligence feeds

CCSV data feeds

DProactive surveillance feeds

Answer : A

Internal intelligence feeds are derived from data and information collected within an organization's own networks and systems. Jian's activities, such as real-time assessment of system activities and acquiring feeds from honeynets, P2P monitoring, infrastructure, and application logs, fall under the collection of internal intelligence feeds. These feeds are crucial for identifying potential threats and vulnerabilities within the organization and form a fundamental part of a comprehensive threat intelligence program. They contrast with external intelligence feeds, which are sourced from outside the organization and include information on broader cyber threats, trends, and TTPs of threat actors. Reference:

'Building an Intelligence-Led Security Program' by Allan Liska

'Threat Intelligence: Collecting, Analysing, Evaluating' by M-K. Lee, L. Healey, and P. A. Porras

Eccouncil 312-85 Certified Threat Intelligence Analyst Exam Practice Test