Module 20: Threat Intelligence Quiz Answers

1. Which service is provided by the Cisco Talos Group?

  • collecting information about active, existing, and emerging threats
  • preventing online malware from affecting end user devices
  • preventing viruses from affecting end user devices
  • scanning updates for malware code

Explanation: The Cisco Talos group collects information about active, existing, and emerging threats that Cisco Security products can consume in real time to provide fast and effective protection.

2. What does the MITRE Corporation create and maintain?

  • IOC
  • TAXII
  • CVE
  • STIX

Explanation: The MITRE Corporation creates and maintains a catalog of publicly known vulnerabilities called Common Vulnerabilities and Exposures (CVE). The CVE list serves as a dictionary of common names (CVE Identifiers, e.g. CVE-YYYY-NNNN) for publicly known cybersecurity vulnerabilities, so that tools and advisories from different vendors can refer to the same flaw unambiguously.

3. What is the primary function of (ISC)²?

  • to maintain a detailed list of all zero-day attacks
  • to maintain a list of common vulnerabilities and exposures (CVE) used by prominent security organizations
  • to provide vendor neutral education products and career services
  • to provide a weekly digest of news articles about computer security

Explanation: The International Information System Security Certification Consortium, (ISC)², is a nonprofit security certification body (best known for the CISSP) that provides vendor-neutral education products and career services.

4. Which threat intelligence sharing open standard specifies, captures, characterizes, and communicates events and properties of network operations?

  • CybOX
  • Talos
  • MISP
  • TAXII

Explanation: Structured Threat Information Expression (STIX) is a set of specifications for exchanging cyberthreat information between organizations. Cyber Observable Expression (CybOX) is a set of standardized schemas that specifies, captures, characterizes, and communicates events and properties of network operations, and that supports many cybersecurity functions. Trusted Automated Exchange of Indicator Information (TAXII) is a specification for an application-layer protocol that carries CTI over HTTPS and is designed to transport STIX content. Note that in STIX 2.x the CybOX schemas were folded into STIX itself as cyber-observable objects, so current feeds ship observables inside STIX rather than as separate CybOX documents.

5. What is the Common Vulnerabilities and Exposures (CVE) used by the MITRE Corporation?

  • It is a database of malware signatures.
  • It is a dictionary of CVE Identifiers for publicly known cybersecurity vulnerabilities.
  • It is a database of virus signatures.
  • It is a list of response mechanisms to known threats.

Explanation: The MITRE Corporation creates and maintains a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities, known as Common Vulnerabilities and Exposures (CVE).

6. Which service is offered by the U.S. Department of Homeland Security (DHS) that enables real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector?

  • AIS
  • CVE
  • STIX
  • FireEye

Explanation: The U.S. Department of Homeland Security (DHS) offers a free service called Automated Indicator Sharing (AIS) that enables the real-time exchange of cyberthreat indicators (e.g., malicious IP addresses, the sender address of a phishing email) between the U.S. Federal Government and the private sector. AIS delivers those indicators as STIX objects over TAXII, so participants need a TAXII client and a STIX-aware consumer rather than a bespoke integration.

7. What is the primary function of SANS?

  • to maintain the Internet Storm Center
  • to maintain the list of common vulnerabilities and exposures (CVE)
  • to provide vendor neutral education products and career services
  • to foster cooperation and coordination in information sharing, incident prevention, and rapid reaction

Explanation: One of the primary functions of the SysAdmin, Audit, Network, and Security (SANS) Institute is the maintenance of the Internet Storm Center (ISC) early-warning system.

8. Why do several network organizations, professionals, and intelligence agencies use shared open standards for threat intelligence?

  • to ensure real-time synchronization of all antivirus signature databases
  • to enable exchange of all response mechanisms to new threats
  • to update all vulnerabilities databases across all malware vendors
  • to enable the exchange of CTI in an automated, consistent, and machine readable format

Explanation: Several network organizations, professionals, and intelligence agencies use shared open standards to enable the exchange of cyber threat intelligence (CTI) in an automated, consistent, and machine readable format.
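The open standards in questions 4 and 8 only pay off if the machine-readable objects are actually consumed by tooling. The block below is an added example, not code from the page, from Cisco, or from the OASIS STIX/TAXII projects: it parses a constructed STIX 2.1 bundle (the UUIDs, indicator values, and log lines are illustrative and made up), drops indicators that are revoked or past their valid_until date, reduces simple equality patterns such as [ipv4-addr:value = '...'] to observable values, and sweeps a few constructed log lines for them. It uses only the Python standard library; the function names are assumptions of this example.

```python
"""Consume a STIX 2.1 bundle and sweep log lines for its observables (added example)."""
import json
import re
from datetime import datetime, timezone

# Constructed sample bundle: illustrative UUIDs and values, not a real feed.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--9f3a1c2e-0d5b-4c3e-8a7f-1b2c3d4e5f60",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--1a2b3c4d-0000-4000-8000-000000000001",
         "created": "2024-01-10T00:00:00.000Z", "modified": "2024-01-10T00:00:00.000Z",
         "name": "C2 address", "indicator_types": ["malicious-activity"],
         "pattern": "[ipv4-addr:value = '203.0.113.5']", "pattern_type": "stix",
         "valid_from": "2024-01-10T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--1a2b3c4d-0000-4000-8000-000000000002",
         "created": "2024-01-11T00:00:00.000Z", "modified": "2024-01-11T00:00:00.000Z",
         "name": "Phishing sender", "indicator_types": ["malicious-activity"],
         "pattern": "[email-addr:value = 'invoice@example.net'] OR "
                    "[domain-name:value = 'login-example.net']",
         "pattern_type": "stix", "valid_from": "2024-01-11T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--1a2b3c4d-0000-4000-8000-000000000003",
         "created": "2023-01-01T00:00:00.000Z", "modified": "2023-06-01T00:00:00.000Z",
         "name": "Expired dropper hash", "indicator_types": ["malicious-activity"],
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
         "pattern_type": "stix", "valid_from": "2023-01-01T00:00:00Z",
         "valid_until": "2023-06-01T00:00:00Z"},
    ],
})

# Constructed log lines (firewall, MTA, AV) to sweep; not from any real system.
SAMPLE_LOGS = [
    "2024-02-01T10:00:01Z fw allow src=10.0.0.7 dst=203.0.113.50 dport=443",
    "2024-02-01T10:00:05Z fw allow src=10.0.0.7 dst=203.0.113.5 dport=443",
    "2024-02-01T10:01:12Z mta from=<invoice@example.net> to=<bob@corp.example> subject=Invoice",
    "2024-02-01T10:02:00Z av sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 file=setup.exe",
]

# One STIX equality comparison: <object-type>:<property-path> = '<value>'.
# The path may contain a quoted key such as hashes.'SHA-256'.
COMPARISON = re.compile(r"([\w-]+):((?:[\w.]|'[^']*')+)\s*=\s*'([^']*)'")


def parse_ts(value):
    """Parse a STIX timestamp (RFC 3339, trailing Z) into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_observables(bundle_json, now=None):
    """Return {(object_type, property_path): {value: indicator_id}} for live indicators.

    Only equality comparisons joined by OR are understood; anything else in the
    pattern is ignored. Revoked indicators and those whose valid_until has passed
    are skipped so stale IOCs do not keep firing.
    """
    now = now or datetime.now(timezone.utc)
    observables = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if obj.get("revoked"):
            continue
        if "valid_until" in obj and parse_ts(obj["valid_until"]) <= now:
            continue
        for obj_type, path, value in COMPARISON.findall(obj["pattern"]):
            key = (obj_type, path.replace("'", ""))
            observables.setdefault(key, {})[value.lower()] = obj["id"]
    return observables


def match_logs(lines, observables):
    """Sweep log lines for observable values; return (line_no, indicator_id, value) hits.

    Values are matched as whole tokens so 203.0.113.5 does not fire on 203.0.113.50.
    """
    hits = []
    for line_no, line in enumerate(lines, start=1):
        lowered = line.lower()
        for values in observables.values():
            for value, indicator_id in values.items():
                if re.search(r"(?<![\w.])" + re.escape(value) + r"(?![\w.])", lowered):
                    hits.append((line_no, indicator_id, value))
    return hits


if __name__ == "__main__":
    live = extract_observables(SAMPLE_BUNDLE, now=parse_ts("2024-02-01T00:00:00Z"))
    for hit in match_logs(SAMPLE_LOGS, live):
        print("line %d matched %s via %s" % hit)
```

Running it with the embedded data reports two hits (the C2 address on line 2 and the phishing sender on line 3); the SHA-256 on line 4 is silently ignored because its indicator expired in 2023, which is exactly the behaviour you want from an automated feed consumer and the reason valid_until is worth honouring rather than treating every object in a bundle as current.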

9. What is the primary purpose of the Forum of Incident Response and Security Teams (FIRST)?

  • to provide vendor neutral education products and career services to industry professionals worldwide
  • to provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities
  • to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction strategies
  • to offer 24×7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident response

Explanation: The primary purpose of the Forum of Incident Response and Security Teams (FIRST) is to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction between the teams.

10. What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date?

  • MITRE
  • FireEye
  • CybOX
  • Talos

Explanation: The Cisco Talos Group provides blogs and podcasts on security-related topics from a number of industry experts. These blogs and podcasts provide advice, research, and recommended mitigation techniques.
