Cyber Threat Intelligence Overview
70 Questions
6 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Modern networks require a deep understanding of what is present on the network; what ______ exist; and who might be targeting them.

weaknesses

Gaining insight into network activity allows for increased ______ to outmaneuver increasingly sophisticated threat actors.

agility

Threat data, when given the appropriate context, results in the creation of threat ______.

intelligence

Several products can provide decision-makers with a clear picture of network ______.

<p>activity</p> Signup and view all the answers

A good threat intelligence ______ is necessary for any modern information security program.

<p>program</p> Signup and view all the answers

Sergio Caltagirone defines cyber threat intelligence as 'actionable knowledge and insight on ______ and their malicious activities.'

<p>adversaries</p> Signup and view all the answers

Investing in analysts who can collect and quickly understand data about ______ facing the organization is often effective.

<p>threats</p> Signup and view all the answers

Decades of intelligence analysis studies can be used to define threat ______.

<p>intelligence</p> Signup and view all the answers

A potential security risk is allowing clients to see directory listings instead of a rendered ______.

<p>web page</p> Signup and view all the answers

To find vulnerable server directories, use the Google search query: site: intitle:"index of" "parent ______".

<p>directory</p> Signup and view all the answers

Several registries are crucial for the Internet's function, and they manage unique global ______ addresses.

<p>IP</p> Signup and view all the answers

Regional Internet Registries (RIRs) are responsible for assigning ______ addresses worldwide.

<p>IP</p> Signup and view all the answers

As a security analyst, understanding advanced Google search methods such as Boolean logic and ______ order is useful.

<p>word</p> Signup and view all the answers

___ intelligence is derived from human sources through overt, covert, or clandestine methods.

<p>HUMINT</p> Signup and view all the answers

___ intelligence is the analysis of imagery and geospatial data concerning security-related activities.

<p>GEOINT</p> Signup and view all the answers

Signals intelligence is intelligence-gathering done via intercepts of communications known as ___.

<p>SIGINT</p> Signup and view all the answers

___ intelligence is the collection and analysis of publicly available information appearing in print or electronic form.

<p>OSINT</p> Signup and view all the answers

Measurement and signature intelligence is derived from data other than imagery and ___.

<p>SIGINT</p> Signup and view all the answers

Traditional intelligence often involves collecting information on foreign countries to further foreign policy and national ___ goals.

<p>security</p> Signup and view all the answers

Threat intelligence teams often focus on using public, commercial, or in-house resources instead of ___ assets.

<p>on-call</p> Signup and view all the answers

Free data associated with actor activity can be gathered through ___ source intelligence.

<p>open</p> Signup and view all the answers

AFRINIC is the Regional Internet Registry for ______ and portions of the Indian Ocean.

<p>Africa</p> Signup and view all the answers

The mechanism responsible for associating domain names with their server's IP address is known as ______.

<p>DNS</p> Signup and view all the answers

Zone transfers are used to replicate DNS server content across multiple ______.

<p>servers</p> Signup and view all the answers

The default behavior of DNS servers is to accept any request for a full transfer from any ______.

<p>host</p> Signup and view all the answers

DNS tools like nslookup, host, and ______ are used to troubleshoot network problems.

<p>dig</p> Signup and view all the answers

Protecting the network from DNS poisoning or spoofing requires restricting DNS ______.

<p>leakages</p> Signup and view all the answers

Authorized hosts should only be able to request full transfers using ______ control lists.

<p>access</p> Signup and view all the answers

LACNIC is the Regional Internet Registry for Latin America and portions of the ______.

<p>Caribbean</p> Signup and view all the answers

Social media sites are rich sources of threat data, providing useful artifacts during high-impact ______.

<p>events</p> Signup and view all the answers

Profiling analyzes a target's preferences and patterns to identify likely ______.

<p>actions</p> Signup and view all the answers

Attackers exploit careless or untrained employees through social engineering ______.

<p>campaigns</p> Signup and view all the answers

A recent OSINT gathering course was taught to a class in an allied ______.

<p>country</p> Signup and view all the answers

The author performed a superficial exercise and found considerable actionable ______.

<p>intelligence</p> Signup and view all the answers

The registrant contact for Google Inc. is listed with the title of ______.

<p>DNS Admin</p> Signup and view all the answers

The tech contact for Google Inc. has a phone number of ______.

<p>+1.6503300100</p> Signup and view all the answers

WHOIS is a tool that allows users to query information about registered domain ______.

<p>registrants</p> Signup and view all the answers

Private registration services may show the registrar's information instead of the ______ details.

<p>registrant's</p> Signup and view all the answers

Job sites can be used for ______ gathering and job recruitment.

<p>information</p> Signup and view all the answers

Attackers can automate the gathering of data about ______ to craft convincing phishing emails.

<p>targets</p> Signup and view all the answers

WHOIS is available in both command-line and ______ versions.

<p>web-based</p> Signup and view all the answers

The email address for the DNS Admin at Google Inc. is ______.

<p><a href="mailto:[email protected]">[email protected]</a></p> Signup and view all the answers

Closed source data is any data collected covertly or as a result of ______ access.

<p>privileged</p> Signup and view all the answers

By establishing a baseline of normal activity, analysts can use historical incident ______ to improve awareness of emerging threats.

<p>responses</p> Signup and view all the answers

Closed source data tends to be of higher ______, allowing analysts to confidently verify findings.

<p>quality</p> Signup and view all the answers

Many organizations prioritize external data over ______ threat data.

<p>internal</p> Signup and view all the answers

Using multiple sources reduces the effect of ______ bias.

<p>confirmation</p> Signup and view all the answers

The Traffic Light Protocol (TLP) was developed by the UK government's National Infrastructure Security Coordination Centre (NISCC) to improve threat information sharing among ______.

<p>organizations</p> Signup and view all the answers

TLP:RED information is not for disclosure and is restricted to ______ only.

<p>participants</p> Signup and view all the answers

TLP:AMBER allows limited disclosure, restricted to participants' ______.

<p>organizations</p> Signup and view all the answers

Recipients of TLP:GREEN information may share it with peers and partner organizations within the ______.

<p>community</p> Signup and view all the answers

TLP:WHITE information has unlimited ______ and can be distributed without restriction.

<p>disclosure</p> Signup and view all the answers

TLP designations help guide information sharing responsibly while protecting sensitive information ______.

<p>sources</p> Signup and view all the answers

When information falls under TLP:RED, it is crucial that recipients do not share it with any parties outside the specific ______.

<p>exchange</p> Signup and view all the answers

The Traffic Light Protocol utilizes color-coded ______ to guide information sharing.

<p>designations</p> Signup and view all the answers

Organizations need to map acquired intelligence to specific aspects of their ______ profile.

<p>threat</p> Signup and view all the answers

Timely intelligence is crucial for its value in ______-making.

<p>decision</p> Signup and view all the answers

Accurate threat intelligence reduces ______ and enhances efficiency of the security team.

<p>noise</p> Signup and view all the answers

Internal network data often provides the most relevant threat ______.

<p>intelligence</p> Signup and view all the answers

Good threat intelligence includes a clear description of the threat using ______ language.

<p>consistent</p> Signup and view all the answers

Threat analysts often use ______ sources to help them keep pace with security industry trends.

<p>OSINT</p> Signup and view all the answers

Adversaries prefer to acquire information about a target without directly ______ it.

<p>touching</p> Signup and view all the answers

Passive reconnaissance is a process by which an adversary acquires information about a target network without directly ______ with it.

<p>interacting</p> Signup and view all the answers

Google's vision is to organize all of the data in the world and make it ______ for everyone.

<p>accessible</p> Signup and view all the answers

Many security analysts rely on publicly available data sets to perform research on common threat ______ and mitigating controls.

<p>indicators</p> Signup and view all the answers

The operator [blank:] restricts search results to the specified domain or ______.

<p>site</p> Signup and view all the answers

The operator [blank:] is used to find pages that contain a ______ to the indicated site or URL.

<p>link</p> Signup and view all the answers

Using search queries, security researcher Johnny Long helped reveal vulnerable systems by exploiting Google’s ______ operators.

<p>advanced</p> Signup and view all the answers

Google can help an attacker gather a remarkable amount of information about any individual, organization, or ______.

<p>network</p> Signup and view all the answers

The operator [blank:] is used for searching files of a specific type, such as Excel spreadsheets.

<p>filetype</p> Signup and view all the answers

More Like This

Use Quizgecko on...
Browser
Browser