Ucertify 2
Malena works as a cybersecurity analyst in an XYZ company. Her company assigned her to investigate threats using the threat intelligence cycle. Using this process, she started her work by assessing what kinds of security breaches or compromises her company has faced and according to intelligence requirements, she started collecting data from threat intelligence sources. What should be Malena's next step in the given scenario?
Data processing and analysis
Sia works as a cybersecurity analyst at an ABC organization. Her organization uses Lockheed Martin's Cyber Kill Chain process for defenders' model attacks and appropriate defenses. Using this process, she started identifying a target and then created tools to exploit vulnerabilities. What would be Sia's next step in the given scenario?
Delivering of weapons to a target
Alaina discovers that her company's website has defaced with a political message. Which type of threat actor is most likely to occur on her company's website in the given scenario?
Hacktivist
Which type of threat actor includes organizations like anonymous that target governments and businesses for political reasons?
Hacktivists
The United States has threat intelligence sharing centers for major areas like healthcare, aviation, and finance. What are these centers called?
ISAC
Which of the following stages of the Lockheed Martin's Cyber Kill Chain process focuses on persistent backdoor access for attackers?
Installation
Which level of intelligence provides broad information about threats and threat actors, allowing organizations to understand and respond to trends?
Strategic intelligence
Cyn works as a cybersecurity analyst. She wants to send threat information via a standardized protocol specifically designed to exchange cyber threat information. Which of the following should Cyn choose to exchange cyber threat information in the given scenario?
TAXII
Which of the following is specifically designed to support Structured Threat Information Expression (STIX) data exchange?
TAXII
James works as a security analyst in an organization. He wants to select a threat framework for his organization. He preferred a framework that includes steps to identify victims, capabilities, and infrastructure of a cybersecurity event. Which of the following would be James's best choice as per his preferences?
The Diamond Model of Intrusion Analysis
Which of the following threats are nation state-sponsored organizations with significant resources and capabilities and provide the highest level of threat on the adversary tier list?
APTs
Gabby, a cybersecurity analyst, wants to select a threat framework for her organization. She identifies that threat actor tactics in a standardized way is an important part of her selection process. Which threat model would be her best choice for the selection process in the given scenario?
ATT&CK
You work as a security analyst in an organization. You need to select a threat framework for your organization and mainly want threat actor tactics to be in a normalized way. Which threat model would be your best choice for selection in the given scenario?
ATT&CK
Jason works as a security analyst in an organization. He gathers threat intelligence information that explains to him about an adversary which is considered as a threat in his organization. The adversary likes to use USB key drops to compromise their targets. Which of the following options is specified in the given scenario?
An attack vector
Which type of assessment is particularly useful for identifying insider threats?
Behavioral
Which term describes scores that allow organizations to filter and use threat intelligence based on the amount of trust they can give?
Confidence
While engaging in an attack, an attacker sends an email message to the targeted victim that contains malicious software as an attachment. Which phase of the Cyber Kill Chain is occurring in the given scenario?
Delivery
Which of the following measures is not commonly used to assess threat intelligence?
Detail
On which of the following languages is STIX based?
Extensible Markup Language
Which of the organizations did the U.S. government help in sharing threat information to infrastructure owners and operators?
ISACs
Which of the following statements is not true about ATT&CK matrices?
Include metadata like the author, the name of the IOC, and a description.
Which of the following type of threat assessment data uses forensic evidence or data?
Indicators of compromise
The following figure signifies the Diamond Model of Intrusion: Figure A: The Diamond Model of Intrusion What does the question mark symbol represent on each vertex of the given figure?
Infrastructure and capability
Roma works as a penetration tester in an organization. She is performing a penetration test for a customer and identifies a client machine that is downloading the contents of the customer database, which stores the customer's intellectual property. After that, she also identifies an employee who is exporting the downloaded data to a USB drive. Which type of threat actor is being referred to in the given scenario?
Insider threat
Which phase of the Cyber Kill Chain process includes the creation of persistent backdoor access for attackers?
Installation
Which of the following is the common criticism of the Cyber Kill Chain model?
It includes actions outside a defended network.
Which security company creates and provides a base set of indicators of compromise (IOC) used by OpenIOC?
Mandiant
Which of the following threat actors are often associated with advanced persistent threat (APT) organizations?
Nation-state actors
Which of the following threat actors typically has the greatest access to resources?
Nation-state actors
What term describes information from publicly available sources used for intelligence purposes?
OSINT
Sam works as a security analyst in an XYZ company. He sends threat intelligence information to his manager in a machine-readable format so that the manager can verify it. In that format, Mandiant's indicators are used by Sam for the base framework. Which format did Sam use in the given scenario?
OpenIOC
Jack received an unknown call from a girl saying that she is a customer executive calling from an XYZ bank. She informed Jack that he won a prize of $2000 and the same amount will be transferred to his account as he is one of the prime customers of this bank. For this amount transfer, she requested Jack to confirm his debit card details. In the given scenario, the girl is playing which threat actor role?
Organized crime
Which of the following is not a common technique used to defend against command and control (C2) capabilities deployed by attackers?
Patching against zero-day attacks
Which of the following activities ensures that you have reviewed threats, their causes, and their typical actions and processes?
Profiling threat actors and activities
Which of the following options is frequently conducted in the requirements gathering phase of the intelligence cycle?
Review of security breaches or compromises an organization has faced
Which of the following is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans and security technologies?
STIX
Which six-category threat classification model developed by Microsoft is used to assess threats in an application?
STRIDE
he Diamond Model of Intrusion Analysis uses four main concepts as part of its threat mapping. Which of the following is not one of those four concepts?
Threat
Which of the following drove the creation of ISACs in the United States?
Threat information sharing for infrastructure owners
Which of the following activities follows threat data analysis in the threat intelligence cycle?
Threat intelligence dissemination
STRIDE, PASTA, and LINDDUN are all examples of ________________.
threat classification tools
