312-85 | All About Real 312-85 Free Samples

It is impossible to pass the EC-Council 312-85 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed EC-Council 312-85 practice questions. You will get a surprising result with our Certified Threat Intelligence Analyst practice guides.

Online 312-85 free questions and answers of New Version:

NEW QUESTION 1
Henry, a threat intelligence analyst at ABC Inc., is working on a threat intelligence program. He was assigned to work on establishing criteria for prioritization of intelligence needs and requirements.
Which of the following considerations must be employed by Henry to prioritize intelligence requirements?

  • A. Understand frequency and impact of a threat
  • B. Understand data reliability
  • C. Develop a collection plan
  • D. Produce actionable data

Answer: A

NEW QUESTION 2
Tim is working as an analyst in an ABC organization. His organization had been facing many challenges in converting the raw threat intelligence data into meaningful contextual information. After inspection, he found that it was due to noise obtained from misrepresentation of data from huge data collections. Hence, it is important to clean the data before performing data analysis using techniques such as data reduction. He needs to choose an appropriate threat intelligence framework that automatically performs data collection, filtering, and analysis for his organization.
Which of the following threat intelligence frameworks should he choose to perform such a task?

  • A. HighCharts
  • B. SIGVERIF
  • C. Threat grid
  • D. TC complete

Answer: D

NEW QUESTION 3
Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages:
Stage 1: Build asset-based threat profiles
Stage 2: Identify infrastructure vulnerabilities
Stage 3: Develop security strategy and plans
Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

  • A. TRIKE
  • B. VAST
  • C. OCTAVE
  • D. DREAD

Answer: C

NEW QUESTION 4
Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. He acquired feeds from sources like honeynets, P2P monitoring, infrastructure, and application logs.
Which of the following categories of threat intelligence feed was acquired by Jian?

  • A. Internal intelligence feeds
  • B. External intelligence feeds
  • C. CSV data feeds
  • D. Proactive surveillance feeds

Answer: A

NEW QUESTION 5
SecurityTech Inc. is developing a TI plan with which it can derive more advantages with less funds. In the process of selecting a TI platform, it wants to incorporate a feature that ranks elements such as intelligence sources, threat actors, attacks, and digital assets of the organization, so that it can put more funds toward the resources which are critical for the organization's security.
Which of the following key features should SecurityTech Inc. consider in their TI plan for selecting the TI platform?

  • A. Search
  • B. Open
  • C. Workflow
  • D. Scoring

Answer: D

NEW QUESTION 6
An attacker instructs bots to use a camouflage mechanism to hide his phishing and malware delivery locations in the rapidly changing network of compromised bots. In this particular technique, a single domain name consists of multiple IP addresses.
Which of the following techniques is used by the attacker?

  • A. DNS zone transfer
  • B. Dynamic DNS
  • C. DNS interrogation
  • D. Fast-Flux DNS

Answer: D

NEW QUESTION 7
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?

  • A. Jim should identify the attack at an initial stage by checking the content of the user agent field.
  • B. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.
  • C. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
  • D. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.

Answer: C

NEW QUESTION 8
An analyst is conducting threat intelligence analysis in a client organization, and during the information gathering process, he gathered information from publicly available sources and analyzed it to obtain a rich, useful form of intelligence. The information source that he used is primarily used for national security, law enforcement, and for collecting intelligence required for business or strategic decision making.
Which of the following sources of intelligence did the analyst use to collect information?

  • A. OPSEC
  • B. ISAC
  • C. OSINT
  • D. SIGINT

Answer: C

NEW QUESTION 9
In a team of threat analysts, two individuals were competing over projecting their own hypotheses on a given malware. However, to find logical proofs to confirm their hypotheses, the threat intelligence manager used a de-biasing strategy that involves learning strategic decision making in circumstances comprising multistep interactions with numerous representatives, either with or without perfect relevant information.
Which of the following de-biasing strategies did the threat intelligence manager use to confirm their hypotheses?

  • A. Game theory
  • B. Machine learning
  • C. Decision theory
  • D. Cognitive psychology

Answer: C

NEW QUESTION 10
ABC is a well-established cyber-security company in the United States. The organization implemented the automation of tasks such as data enrichment and indicator aggregation. They also joined various communities to increase their knowledge about the emerging threats. However, the security teams can only detect and prevent identified threats in a reactive approach.
Based on the threat intelligence maturity model, identify the level of ABC to know the stage at which the organization stands with its security and vulnerabilities.

  • A. Level 2: increasing CTI capabilities
  • B. Level 3: CTI program in place
  • C. Level 1: preparing for CTI
  • D. Level 0: vague where to start

Answer: A

NEW QUESTION 11
Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources against various threats. The information shared by Alice was highly technical and included threat actor TTPs, malware campaigns, tools used by threat actors, and so on.
Which of the following types of threat intelligence was shared by Alice?

  • A. Strategic threat intelligence
  • B. Tactical threat intelligence
  • C. Technical threat intelligence
  • D. Operational threat intelligence

Answer: C

NEW QUESTION 12
Karry, a threat analyst at an XYZ organization, is performing threat intelligence analysis. During the data collection phase, he used a data collection method that involves no participants and is purely based on analysis and observation of activities and processes going on within the local boundaries of the organization.
Identify the type of data collection method used by Karry.

  • A. Active data collection
  • B. Passive data collection
  • C. Exploited data collection
  • D. Raw data collection

Answer: B

NEW QUESTION 13
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there were multiple logins from different locations in a short time span. Moreover, he also observed certain irregular login patterns from locations where the organization does not have business relations. This suggests that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

  • A. Unusual outbound network traffic
  • B. Unexpected patching of systems
  • C. Unusual activity through privileged user account
  • D. Geographical anomalies

Answer: C

NEW QUESTION 14
Alison, an analyst in an XYZ organization, wants to retrieve information about a company’s website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs?

  • A. Alison should use SmartWhois to extract the required website information.
  • B. Alison should use https://archive.org to extract the required website information.
  • C. Alison should run the Web Data Extractor tool to extract the required website information.
  • D. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.

Answer: C

NEW QUESTION 15
An organization suffered many major attacks and lost critical information, such as employee records and financial information. Therefore, the management decides to hire a threat analyst to extract the strategic threat intelligence that provides high-level information regarding current cyber-security posture, threats, details on the financial impact of various cyber-activities, and so on.
Which of the following sources will help the analyst to collect the required intelligence?

  • A. Active campaigns, attacks on other organizations, data feeds from external third parties
  • B. OSINT, CTI vendors, ISAO/ISACs
  • C. Campaign reports, malware, incident reports, attack group reports, human intelligence
  • D. Human, social media, chat rooms

Answer: B
