Questions and Answers
A campaign is a collection of malicious actor behaviors targeting a common ______ over a finite timeframe.
target
A course of action is a preventative or response action to address an ______.
attack
An Identity is an SDO representing individuals, organizations, or ______.
groups
Indicators in spear phishing messages often use links with phishing ______, generic form language, or ASCII homographs.
An intrusion set may comprise multiple campaigns over a long period, even if from the same threat ______.
TAXII defines how threat data is shared among participating ______.
TAXII specifies the structure for exchanging information and accompanying ______.
TAXII 1.0 integrates with existing sharing agreements using three primary ______.
In the Hub and Spoke model, a central Hub communicates with multiple ______ nodes.
In the Peer-to-Peer model, peers communicate ______ with each other.
Accuracy is crucial for decision-making in information __________.
Analysts should acknowledge and mitigate __________ by surrounding themselves with diverse perspectives.
The __________ level of confidence is used for assessments based on high-quality information.
Moderate confidence indicates that the information is credibly sourced but not sufficient for a higher level of __________.
Information categorized as __________ is questionable, fragmented, and raises significant concerns about its sources.
Malware is any malicious code or software used to compromise the integrity or availability of a system or its ______.
The observed data SDO describes any observable collected from a network or ______ device.
Reports detail security events, including the malware used or the methodologies employed during a ______.
The threat actor SDO identifies individuals or groups responsible for ______ activities.
The tool SDO describes software used by threat actors during ______.
An indicator includes context describing an aspect of an event relating to a specific ______.
To transform newly discovered indicators into actionable items, analysts perform ______ to determine if the indicator is valid.
The Structured Threat Information Expression (STIX) uses a structure based on twelve Domain Objects (SDOs) and two ______ Objects (SROs).
Attack patterns help categorize attacker tactics, techniques, and ______.
Sharing threat intelligence with partners benefits everyone by improving detection and prioritizing ______ allocation.
A Vulnerability SDO is used to communicate any mistake in software that an attacker can exploit to gain unauthorized access to a _____
Malware objects provide key characteristics about the malicious software and when they are used in an _____
The Relationship SRO links SDOs together and shows how they work with each _____
A Sighting SRO provides information about the occurrence of an SDO, such as an indicator or _____
The relationship type 'target' is used to show the relationship between a source SDO and a target _____
Signature-based systems are effective against ______ threats.
Anomaly-based systems examine what an executable does, not just what it ______ like.
'Zero day' refers to a vulnerability or exploit in software that is previously ______ to the public.
Anomaly-based systems often use a ______ environment to observe an executable's behavior.
A zero-day vulnerability is a flaw in software that the ______ is unaware of.
The TAXII server manages the ______ and channels.
OpenIOC is designed to organize information about attacker tactics, techniques, and procedures (TTPs) and indicators of ______.
The ______ is the client that requests and subscribes to data in the TAXII 2.0 architecture.
OpenIOC comprises three main components: IOC Metadata, References, and ______.
A ______ in OpenIOC describes how the IOC fits operationally within specific environments.
APTs are identified by the use of stealthy and continuous computer hacking ______.
APT operators often use both digital surveillance and traditional techniques targeting ______.
These campaigns are often orchestrated by military or government ______.
APTs reflect a political plan, indicating their nature as a deeper ______ issue.
The execution of APT campaigns might be automated, but humans are responsible for their ______.
Zero-day vulnerabilities create black markets for these ______.
Security teams need to develop ______ and controls to mitigate impacts from discoveries.
Organizations should use a multi-faceted approach to respond to ______ exploits.
The US Pentagon has adopted 'Hack the Pentagon' as part of a ______ program.
Proactive efforts to discover new ______ are essential for organizations.