Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

ECCouncil 312-85 Certified Threat Intelligence Analyst (CTIA) Exam Practice Test

Demo: 15 questions
Total 50 questions

Certified Threat Intelligence Analyst (CTIA) Questions and Answers

Question 1

An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence.

Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must consist of a right balance between tables, narrative, numbers,

graphics, and multimedia?

Options:

A.

The right time

B.

The right presentation

C.

The right order

D.

The right content

Question 2

Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.

Which of the following techniques was employed by Miley?

Options:

A.

Sandboxing

B.

Normalization

C.

Data visualization

D.

Convenience sampling

Question 3

An XYZ organization hired Mr. Andrews, a threat analyst. In order to identify the threats and mitigate the effect of such threats, Mr. Andrews was asked to perform threat modeling. During the process of threat modeling, he collected important information about the treat actor and characterized the analytic behavior of the adversary that includes technological details, goals, and motives that can be useful in building a strong countermeasure.

What stage of the threat modeling is Mr. Andrews currently in?

Options:

A.

System modeling

B.

Threat determination and identification

C.

Threat profiling and attribution

D.

Threat ranking

Question 4

In a team of threat analysts, two individuals were competing over projecting their own hypotheses on a given malware. However, to find logical proofs to confirm their hypotheses, the threat intelligence manager used a de-biasing strategy that involves learning strategic decision making in the circumstances comprising multistep interactions with numerous representatives, either having or without any perfect relevant information.

Which of the following de-biasing strategies the threat intelligence manager used to confirm their hypotheses?

Options:

A.

Game theory

B.

Machine learning

C.

Decision theory

D.

Cognitive psychology

Question 5

Which of the following components refers to a node in the network that routes the traffic from a workstation to external command and control server and helps in identification of installed malware in the network?

Options:

A.

Repeater

B.

Gateway

C.

Hub

D.

Network interface card (NIC)

Question 6

Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat information from a variety of sources. He wants to use this information to develop security policies to enhance the overall security posture of his organization.

Which of the following sharing platforms should be used by Kim?

Options:

A.

Cuckoo sandbox

B.

OmniPeek

C.

PortDroid network analysis

D.

Blueliv threat exchange network

Question 7

Sarah is a security operations center (SOC) analyst working at JW Williams and Sons organization based in Chicago. As a part of security operations, she contacts information providers (sharing partners) for gathering information such as collections of validated and prioritized threat indicators along with a detailed technical analysis of malware samples, botnets, DDoS attack methods, and various other malicious tools. She further used the collected information at the tactical and operational levels.

Sarah obtained the required information from which of the following types of sharing partner?

Options:

A.

Providers of threat data feeds

B.

Providers of threat indicators

C.

Providers of comprehensive cyber-threat intelligence

D.

Providers of threat actors

Question 8

Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header.

Connection status and content type

Accept-ranges and last-modified information

X-powered-by information

Web server in use and its version

Which of the following tools should the Tyrion use to view header content?

Options:

A.

Hydra

B.

AutoShun

C.

Vanguard enforcer

D.

Burp suite

Question 9

Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider, who offered it at a very low cost. Through it was beneficial at the initial stage but relying on such data providers can produce unreliable data and noise putting the organization network into risk.

What mistake Sam did that led to this situation?

Options:

A.

Sam used unreliable intelligence sources.

B.

Sam used data without context.

C.

Sam did not use the proper standardization formats for representing threat data.

D.

Sam did not use the proper technology to use or consume the information.

Question 10

Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.

Which of the following online sources should Alice use to gather such information?

Options:

A.

Financial services

B.

Social network settings

C.

Hacking forums

D.

Job sites

Question 11

Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis. While performing data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication and when a request is generated from any name server to the recursive DNS server, the recursive DNS servers log the responses that are received. Then it replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.

Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data collection?

Options:

A.

Data collection through passive DNS monitoring

B.

Data collection through DNS interrogation

C.

Data collection through DNS zone transfer

D.

Data collection through dynamic DNS (DDNS)

Question 12

Which of the following characteristics of APT refers to numerous attempts done by the attacker to gain entry to the target’s network?

Options:

A.

Risk tolerance

B.

Timeliness

C.

Attack origination points

D.

Multiphased

Question 13

A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack experienced by the client organization.

Which of the following attacks is performed on the client organization?

Options:

A.

DHCP attacks

B.

MAC spoofing attack

C.

Distributed Denial-of-Service (DDoS) attack

D.

Bandwidth attack

Question 14

What is the correct sequence of steps involved in scheduling a threat intelligence program?

1. Review the project charter

2. Identify all deliverables

3. Identify the sequence of activities

4. Identify task dependencies

5. Develop the final schedule

6. Estimate duration of each activity

7. Identify and estimate resources for all activities

8. Define all activities

9. Build a work breakdown structure (WBS)

Options:

A.

1-->9-->2-->8-->3-->7-->4-->6-->5

B.

3-->4-->5-->2-->1-->9-->8-->7-->6

C.

1-->2-->3-->4-->5-->6-->9-->8-->7

D.

1-->2-->3-->4-->5-->6-->7-->8-->9

Question 15

Tim is working as an analyst in an ABC organization. His organization had been facing many challenges in converting the raw threat intelligence data into meaningful contextual information. After inspection, he found that it was due to noise obtained from misrepresentation of data from huge data collections. Hence, it is important to clean the data before performing data analysis using techniques such as data reduction. He needs to choose an appropriate threat intelligence framework that automatically performs data collection, filtering, and analysis for his organization.

Which of the following threat intelligence frameworks should he choose to perform such task?

Options:

A.

HighCharts

B.

SIGVERIF

C.

Threat grid

D.

TC complete

Demo: 15 questions
Total 50 questions