Cyber Threat Intelligence Overview

Questions and Answers

Modern networks require a deep understanding of what is present on the network; what ______ exist; and who might be targeting them.

weaknesses

Gaining insight into network activity allows for increased ______ to outmaneuver increasingly sophisticated threat actors.

agility

Threat data, when given the appropriate context, results in the creation of threat ______.

intelligence

Several products can provide decision-makers with a clear picture of network ______.

activity

A good threat intelligence ______ is necessary for any modern information security program.

program

Sergio Caltagirone defines cyber threat intelligence as 'actionable knowledge and insight on ______ and their malicious activities.'

adversaries

Investing in analysts who can collect and quickly understand data about ______ facing the organization is often effective.

threats

Decades of intelligence analysis studies can be used to define threat ______.

intelligence

A potential security risk is allowing clients to see directory listings instead of a rendered ______.

web page

To find vulnerable server directories, use the Google search query: site: intitle:"index of" "parent ______".

directory

Several registries are crucial for the Internet's function, and they manage unique global ______ addresses.

IP

Regional Internet Registries (RIRs) are responsible for assigning ______ addresses worldwide.

IP

As a security analyst, understanding advanced Google search methods such as Boolean logic and ______ order is useful.

word

___ intelligence is derived from human sources through overt, covert, or clandestine methods.

HUMINT

___ intelligence is the analysis of imagery and geospatial data concerning security-related activities.

GEOINT

Signals intelligence is intelligence-gathering done via intercepts of communications known as ___.

SIGINT

___ intelligence is the collection and analysis of publicly available information appearing in print or electronic form.

OSINT

Measurement and signature intelligence is derived from data other than imagery and ___.

SIGINT

Traditional intelligence often involves collecting information on foreign countries to further foreign policy and national ___ goals.

security

Threat intelligence teams often focus on using public, commercial, or in-house resources instead of ___ assets.

on-call

Free data associated with actor activity can be gathered through ___ source intelligence.

open

AFRINIC is the Regional Internet Registry for ______ and portions of the Indian Ocean.

Africa

The mechanism responsible for associating domain names with their server's IP address is known as ______.

DNS

Zone transfers are used to replicate DNS server content across multiple ______.

servers

The default behavior of DNS servers is to accept any request for a full transfer from any ______.

host

DNS tools like nslookup, host, and ______ are used to troubleshoot network problems.

dig

Protecting the network from DNS poisoning or spoofing requires restricting DNS ______.

leakages

Authorized hosts should only be able to request full transfers using ______ control lists.

access

LACNIC is the Regional Internet Registry for Latin America and portions of the ______.

Caribbean

Social media sites are rich sources of threat data, providing useful artifacts during high-impact ______.

events

Profiling analyzes a target's preferences and patterns to identify likely ______.

actions

Attackers exploit careless or untrained employees through social engineering ______.

campaigns

A recent OSINT gathering course was taught to a class in an allied ______.

country

The author performed a superficial exercise and found considerable actionable ______.

intelligence

The registrant contact for Google Inc. is listed with the title of ______.

DNS Admin

The tech contact for Google Inc. has a phone number of ______.

+1.6503300100

WHOIS is a tool that allows users to query information about registered domain ______.

registrants

Private registration services may show the registrar's information instead of the ______ details.

registrant's

Job sites can be used for ______ gathering and job recruitment.

information

Attackers can automate the gathering of data about ______ to craft convincing phishing emails.

targets

WHOIS is available in both command-line and ______ versions.

web-based

The email address for the DNS Admin at Google Inc. is ______.

[email protected]

Closed source data is any data collected covertly or as a result of ______ access.

privileged

By establishing a baseline of normal activity, analysts can use historical incident ______ to improve awareness of emerging threats.

responses

Closed source data tends to be of higher ______, allowing analysts to confidently verify findings.

quality

Many organizations prioritize external data over ______ threat data.

internal

Using multiple sources reduces the effect of ______ bias.

confirmation

The Traffic Light Protocol (TLP) was developed by the UK government's National Infrastructure Security Coordination Centre (NISCC) to improve threat information sharing among ______.

organizations

TLP:RED information is not for disclosure and is restricted to ______ only.

participants

TLP:AMBER allows limited disclosure, restricted to participants' ______.

organizations

Recipients of TLP:GREEN information may share it with peers and partner organizations within the ______.

community

TLP:WHITE information has unlimited ______ and can be distributed without restriction.

disclosure

TLP designations help guide information sharing responsibly while protecting sensitive information ______.

sources

When information falls under TLP:RED, it is crucial that recipients do not share it with any parties outside the specific ______.

exchange

The Traffic Light Protocol utilizes color-coded ______ to guide information sharing.

designations

Organizations need to map acquired intelligence to specific aspects of their ______ profile.

threat

Timely intelligence is crucial for its value in ______-making.

decision

Accurate threat intelligence reduces ______ and enhances efficiency of the security team.

noise

Internal network data often provides the most relevant threat ______.

intelligence

Good threat intelligence includes a clear description of the threat using ______ language.

consistent

Threat analysts often use ______ sources to help them keep pace with security industry trends.

OSINT

Adversaries prefer to acquire information about a target without directly ______ it.

touching

Passive reconnaissance is a process by which an adversary acquires information about a target network without directly ______ with it.

interacting

Google's vision is to organize all of the data in the world and make it ______ for everyone.

accessible

Many security analysts rely on publicly available data sets to perform research on common threat ______ and mitigating controls.

indicators

The operator [blank:] restricts search results to the specified domain or ______.

site

The operator [blank:] is used to find pages that contain a ______ to the indicated site or URL.

link

Using search queries, security researcher Johnny Long helped reveal vulnerable systems by exploiting Google’s ______ operators.

advanced

Google can help an attacker gather a remarkable amount of information about any individual, organization, or ______.

network

The operator [blank:] is used for searching files of a specific type, such as Excel spreadsheets.

filetype