3.3.2 Threat Intelligence Quiz Answers

3.3.2 Threat Intelligence Quiz. Cyber Threat Management Module 3 Quiz Answers

1. What is the primary function of (ISC2)?

  • to provide a weekly digest of news articles about computer security
  • to maintain a detailed list of all zero-day attacks
  • to maintain a list of common vulnerabilities and exposures (CVE) used by prominent security organizations
  • to provide vendor neutral education products and career services

Explanation: The International Information Systems Security Certification Consortium (ISC2) is a network security organization that provides vendor-neutral education products and career services.

2. What is the primary function of SANS?

  • to foster cooperation and coordination in information sharing, incident prevention, and rapid reaction
  • to maintain the list of common vulnerabilities and exposures (CVE)
  • to provide vendor neutral education products and career services
  • to maintain the Internet Storm Center

Explanation: One of the primary functions of the SysAdmin, Audit, Network, Security (SANS) Institute is the maintenance of the Internet Storm Center early warning system.

3. What is the primary function of the Center for Internet Security (CIS)?

  • to provide vendor-neutral education products and career services to industry professionals worldwide
  • to offer 24×7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident responses
  • to maintain a list of common vulnerabilities and exposures (CVE) used by security organizations
  • to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities

Explanation: CIS offers 24×7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident responses to state, local, tribal, and territorial (SLTT) governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC).

4. What is the primary purpose of the Forum of Incident Response and Security Teams (FIRST)?

  • to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction strategies
  • to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities
  • to offer 24×7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident response
  • to provide vendor neutral education products and career services to industry professionals worldwide

Explanation: The primary purpose of the Forum of Incident Response and Security Teams (FIRST) is to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction between the teams.

5. Which service is offered by the U.S. Department of Homeland Security (DHS) that enables real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector?

  • AIS
  • FireEye
  • CVE
  • STIX

Explanation: The U.S. Department of Homeland Security (DHS) offers a free service called Automated Indicator Sharing (AIS) which enables the real-time exchange of cyberthreat indicators (e.g., malicious IP addresses, the sender address of a phishing email, etc.) between the U.S. Federal Government and the private sector.

6. What does the MITRE Corporation create and maintain?

  • STIX
  • IOC
  • CVE
  • TAXII

Explanation: The MITRE Corporation creates and maintains a catalog of known security threats called Common Vulnerabilities and Exposures (CVE). The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.

7. Which threat intelligence sharing open standard specifies, captures, characterizes, and communicates events and properties of network operations?

  • TAXII
  • CybOX
  • MISP
  • Talos

Explanation: Structured Threat Information Expression (STIX) is a set of specifications for exchanging cyberthreat information between organizations. Cyber Observable Expression (CybOX) is a set of standardized schemas that specifies, captures, characterizes, and communicates events and properties of network operations and that supports many cybersecurity functions. Trusted Automated Exchange of Indicator Information (TAXII) is a specification for an application layer protocol that allows the communication of CTI over HTTPS and is designed to support STIX.

8. What is the primary objective of a threat intelligence platform (TIP)?

  • to provide a security operations platform that integrates and enhances diverse security tools and threat intelligence
  • to aggregate the data in one place and present it in a comprehensible and usable format
  • to provide a specification for an application layer protocol that allows the communication of CTI over HTTPS
  • to provide a standardized schema for specifying, capturing, characterizing, and communicating events and properties of network operations

Explanation: A threat intelligence platform (TIP) centralizes the collection of threat data from numerous data sources and formats. A TIP is designed to aggregate the data in one place and present it in a comprehensible and usable format. This is especially important because the volume of threat intelligence data can be overwhelming.

9. How does FireEye detect and prevent zero-day attacks?

  • by keeping a detailed analysis of all viruses and malware
  • by establishing an authentication parameter prior to any data exchange
  • by only accepting encrypted data packets that validate against their configured hash values
  • by addressing all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis

Explanation: FireEye uses a three-pronged approach combining security intelligence, security expertise, and technology. It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats.

10. Which service is provided by the Cisco Talos Group?

  • preventing online malware from affecting end user devices
  • preventing viruses from affecting end user devices
  • scanning updates for malware code
  • collecting information about active, existing, and emerging threats

Explanation: The Cisco Talos Group collects information about active, existing, and emerging threats.

zoro
9 months ago
  • 9 is by addressing all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis