Intrusion Detection and Activity Groups
12 Questions

Questions and Answers

What is the main purpose of defining a new Activity Group?

  • To focus on attribution of intrusions
  • To track how intrusions are carried out (correct)
  • To prioritize the Adversary vertices
  • To change the mathematical formula in the paper

Why is it emphasized that Activity Groups are not about attribution?

  • To encourage defenders to solely prioritize Infrastructure and Victim vertices
  • To avoid carrying too much analytical baggage related to Threat Actors (correct)
  • To make it difficult for defenders to track threats
  • To promote false flag operations by adversaries

What would be disrupted if one adversary pretends to be another adversary (a false flag)?

  • The priority given to Adversary vertices
  • The concept of Activity Groups
  • The mathematical formula for defining Activity Groups
  • The tracking of how intrusions are done (correct)

Why are defenders told to defend against Activity Groups rather than Threat Actors?

To simplify the defense strategy for defenders (B)

What is the focus of threat intelligence?

The figurative fingerprint left by adversaries (C)

How are targets and victims defined in the context of cyber threats?

Targets are the ultimate goal of the adversary, while victims are anything compromised along the way (B)

What do Tactics, Techniques, and Procedures (TTPs) represent in the context of adversary activity?

High-level methods to achieve a goal, steps to achieve that goal, and granular steps describing the steps taken in achieving the goal (C)

What is the difference between targets and victims in a cyber threat context?

Targets are the ultimate goal of the adversary, while victims are anything compromised along the way (A)

What do most people mean when they refer to signatures in the security industry?

Indicators of potential threats (B)

In the context of security, what does behavioral analytics aim to identify?

Behaviors exhibited by threats (A)

What is an example of a simple behavioral analytic mentioned in the text?

Files dropping into the TEMP directory and elevating privileges (D)

How should indicators and past events be leveraged according to the text?

To think about the behaviors exhibited (A)
