1_5_4 Section 1 – Attacks, Threats, and Vulnerabilities - 1.5 – Threat Actors and Vectors - Threat Research

Questions and Answers

What is the first step to stopping a threat?

• Researching potential threats
• Implementing security measures
• Collecting research information
• Understanding the threat exists (correct)

Why do you need to collect research information from many different resources?

• To identify the methods of attackers
• To know the vendors of the operating systems
• To understand the scope of the threats (correct)
• Because each resource provides a complete understanding of the threats

Where should you start when researching threats associated with an operating system or application?

• Online forums and discussion boards
• The companies that wrote the operating system or application (correct)
• The National Institute of Standards and Technology
• Independent security research organizations

What is the National Vulnerability Database?

A database of known vulnerabilities (C)

What is the purpose of a vendor's notification process?

To inform customers of known vulnerabilities (C)

What does CVE stand for?

Common Vulnerabilities and Exposures (B)

What can be a valuable tool for gathering information on Twitter?

Using the search feature for specific CVEs or keywords (A)

Why is it important to have an automated threat feed?

To receive immediate notifications of emerging threats (C)

What is a TTP in the context of security threats?

Tactic, Technique, and Procedure (A)

Why is it important to know where an attacker likes to focus their efforts?

To focus on a specific area of defense (A)

What can be used to monitor how malware is operating on a network?

Twitter posts (C)

What is the benefit of understanding an attacker's TTP?

Recognizing tactics and detecting threats (D)

What is a common practice to supplement a vulnerability database?

Roll up third-party feeds into one central system (D)

What can be learned from conferences?

The latest vulnerabilities and threats (A)

What type of information can be found in academic journals?

Detailed information about attack types and malware (C)

What are RFCs used for?

Tracking and formalizing security standards (D)

What can be learned from reading RFCs?

How standards are supposed to operate and potential vulnerabilities (C)

What is the purpose of a user group meeting?

To gather information from people presenting and other members (D)

What type of information can be found on social media?

Description of recent vulnerabilities and attacks (A)

What is the benefit of attending conferences?

Learning from people who have gone through attacks (A)

What is the purpose of a central vulnerability management system?

To track the latest vulnerabilities and identify environment-specific ones (B)

Why are academic journals useful?

They provide detailed information about attack types and malware (A)

What is the primary reason why an IT professional needs to continuously research threats?

To understand the changing scope of threats (C)

Where can you find comprehensive information about vulnerabilities in an operating system or application?

Vendor's website (C)

What is the primary purpose of a vendor's notification process?

To notify users about discovered vulnerabilities (A)

Why is it important to collect research information from multiple sources?

To bring together diverse perspectives and information (C)

What is the National Vulnerability Database used for?

To maintain a list of known vulnerabilities and exposures (C)

What is the benefit of understanding how an attacker gets into one network?

It helps to develop a comprehensive understanding of attack methods (B)

What is the primary benefit of using Twitter for threat intelligence?

To search for CVEs and bug bounty announcements (A)

What type of information is often provided by automated threat feeds?

Tactics, techniques, and procedures used by attackers (A)

Why is it important to understand an attacker's TTP?

To recognize and respond to threats more effectively (D)

What is a common challenge with understanding attacker TTPs?

They change depending on the situation (A)

Why is it useful to know where an attacker likes to focus their efforts?

To prioritize defense in those areas (D)

What type of resources can provide automated threat feeds?

Government agencies and security organizations (C)

What is the primary purpose of a central vulnerability management system?

To keep track of all the latest vulnerabilities and identify those specific to your environment (D)

What can be learned from researchers presenting at conferences?

New trends in the industry and information about the latest hacks (D)

Why are academic journals useful for security professionals?

They provide detailed information about attack types and how to deal with them (D)

What is a common source of information for security professionals?

All of the above (D)

What can be found in RFCs?

Detailed analysis of certain types of threats (A)

What is the benefit of attending user group meetings?

To meet local people in your area who can provide valuable resources (B)

What type of information can be found in user groups that are not specific to IT security?

Valuable technical information (C)

What can be learned from reading about a deep dive into a type of malware?

Exactly how the malware operates (C)

Why is it important to supplement a vulnerability database?

To identify vulnerabilities that may be specific to your environment (A)

What is the purpose of conferences for security professionals?

To learn about new trends in the industry and information about the latest hacks (D)