1 - 3: Threat Intelligence Flashcards

1
Q

Threat Intelligence

A

Knowledge about current and emerging threats (adversaries, their tools and techniques), gathered and analyzed so that security controls can be adapted based on that knowledge

2
Q

Open-source Intelligence

A

Intelligence gathered from publicly available sources, such as security websites, vulnerability databases, dark web sources, sharing centers, file or code repositories, and security researchers

3
Q

Email address harvesting

A

Searching for valid email addresses to target in social engineering attacks (e.g., phishing)

4
Q

Criteria for threat intelligence source

A

Timeliness, accuracy, reliability

5
Q

Threat indicators

A

Data that describes a threat and can be matched against the environment, such as attacker IP addresses, domains, or file hashes/signatures

6
Q

CybOX (not questioned on exam)

A

Cyber Observable eXpression, a standardized schema for describing security observables (files, network connections, processes) seen in intrusion attempts and malicious software; in STIX 2.x it was folded into STIX as the Cyber-observable Objects

7
Q

STIX

A

Structured Threat Information eXpression, a standardized language for describing and communicating threat information between systems; STIX 1.x embedded CybOX for observables, STIX 2.x is JSON-based and incorporates them directly

8
Q

TAXII

A

Trusted Automated eXchange of Indicator Information, an HTTPS-based protocol that provides the technical framework (servers, collections, channels) for exchanging messages and information written in the STIX language

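
Worked example for the STIX and TAXII cards above. This is added code, not part of the flashcard deck or of any STIX/TAXII project: it builds (without sending) a TAXII 2.1 "Get Objects" request for a collection and flattens the STIX 2.1 indicator patterns from the server's envelope into plain IOC records. The server URL, collection ID and the STIX objects in SAMPLE_ENVELOPE are constructed for illustration.

```python
"""Pull STIX 2.1 indicators from a TAXII 2.1 collection and flatten them to IOCs.

Added example, not part of the flashcard deck or of any STIX/TAXII project.
The server URL, collection ID and the STIX objects in SAMPLE_ENVELOPE are
constructed for illustration.
"""
import json
import re
import urllib.request

# TAXII 2.1 media type; servers reject requests whose Accept header omits it.
TAXII_MEDIA_TYPE = "application/taxii+json;version=2.1"

# One STIX comparison expression:  <object-type>:<property path> = '<value>'
#   ipv4-addr:value = '198.51.100.7'
#   file:hashes.'SHA-256' = 'e3b0c442...'
_COMPARISON = re.compile(r"([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']+)'")


def build_taxii_request(api_root, collection_id, added_after):
    """Build (without sending) the TAXII 2.1 'Get Objects' request for one collection.

    added_after is the timestamp of the last successful poll, so each pull only
    returns objects the server added since then.
    """
    url = (f"{api_root.rstrip('/')}/collections/{collection_id}/objects/"
           f"?added_after={added_after}")
    return urllib.request.Request(url, headers={"Accept": TAXII_MEDIA_TYPE})


def indicators_from_envelope(envelope):
    """Flatten the STIX indicator objects in a TAXII envelope into IOC records.

    Non-indicator objects (malware, relationships, ...), revoked indicators and
    indicators whose pattern is not in the STIX pattern language (e.g. YARA or
    Snort rules) are skipped; those need their own handling.
    """
    iocs = []
    for obj in envelope.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked", False):
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue
        for obj_type, path, value in _COMPARISON.findall(obj["pattern"]):
            iocs.append({
                "indicator_id": obj["id"],
                "object_type": obj_type,                 # ipv4-addr, file, domain-name, ...
                "property": path.replace("'", ""),      # hashes.'SHA-256' -> hashes.SHA-256
                "value": value,
                "valid_from": obj.get("valid_from"),
            })
    return iocs


# Constructed TAXII 2.1 envelope as returned by GET .../objects/ (TAXII 2.1 wraps
# objects in an envelope; TAXII 2.0 returned a STIX bundle instead).
SAMPLE_ENVELOPE = json.loads("""
{
  "more": false,
  "objects": [
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--6c4d7a3e-0f6b-4f1e-9e2a-3a1b2c3d4e5f",
     "created": "2024-01-10T09:00:00.000Z", "modified": "2024-01-10T09:00:00.000Z",
     "name": "Known C2 addresses", "pattern_type": "stix", "valid_from": "2024-01-10T09:00:00Z",
     "pattern": "[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '203.0.113.9']"},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--1f2e3d4c-5b6a-4798-8a9b-0c1d2e3f4a5b",
     "created": "2024-01-11T09:00:00.000Z", "modified": "2024-01-11T09:00:00.000Z",
     "name": "Dropper hash", "pattern_type": "stix", "valid_from": "2024-01-11T09:00:00Z",
     "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
    {"type": "malware", "spec_version": "2.1",
     "id": "malware--a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d",
     "created": "2024-01-11T09:00:00.000Z", "modified": "2024-01-11T09:00:00.000Z",
     "name": "ExampleDropper", "is_family": false}
  ]
}
""")


if __name__ == "__main__":
    req = build_taxii_request("https://taxii.example.test/api1/", "c0llection", "2024-01-01T00:00:00Z")
    print("would GET", req.full_url)
    for ioc in indicators_from_envelope(SAMPLE_ENVELOPE):
        print(ioc["object_type"], ioc["property"], ioc["value"])
```

The regex handles the simple comparison and OR forms that most feeds emit; a production consumer should use a full STIX pattern parser, since patterns can also carry MATCHES/LIKE operators, observation expressions and temporal qualifiers that this example does not model.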
9
Q

OpenIOC

A

Mandiant's XML-based threat intelligence language for describing indicators of compromise, such as file names, sizes, hashes, registry keys, and other specific indicators

10
Q

Functions threat intelligence supports

A

Incident response, vulnerability management, risk management, security engineering, detection and monitoring / SOCs

11
Q

ISACs

A

Information Sharing and Analysis Centers, sector-specific (industry-based) organizations for confidential sharing of threat intelligence among member organizations

12
Q

Threat research

A

Understanding adversaries' methods, intent, and capabilities

13
Q

Threat research techniques

A

Reputational threat research and Behavioral threat research

14
Q

Reputational threat research

A

Identifying potentially malicious actors based on previous behavior associated with their IP addresses, email addresses, or domains (reputation lists)

15
Q

Behavioral threat research

A

Identifying potentially malicious actors based on the similarity of their behaviors (techniques, tooling, sequences of actions) to those of past attackers, regardless of the addresses they use

16
Q

Research sources

A

Vendor websites, vulnerability feeds, conferences, academic journals, Request for Comments (RFC) documents, threat feeds, TTP (tactics, techniques, and procedures) publications

17
Q

Threat identification

A

A structured approach to assessing possible threats, typically asset focused, threat focused, or service focused

18
Q

Asset focused approach

A

An analysis based on the organization's asset inventory, considering the threats to each asset

19
Q

Threat focused approach

A

Identifying how specific threats (e.g., a named adversary or campaign) could affect each information system, chiefly to understand the adversary's capability

20
Q

Service focused approach

A

Identifying the impact on services exposed to the internet and their related interfaces

21
Q

Automating threat intelligence

A

Triggering responses to threat indicators automatically when defined criteria are met, such as blocking an IP address or certain network traffic

22
Q

Minimizing disruption from automation

A

Run new automated responses in alert-only mode first (log what would have been blocked) and enable blocking only once the false-positive rate is understood

23
Q

Automating threat feeds

A

Combining multiple threat feeds into a single, more refined information source (normalized, deduplicated, aged out, and weighted by confidence)
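
Worked example for the three automation cards above (automating responses, alert-only mode, combining feeds). This is added code, not from the flashcard deck or any vendor product: it normalizes two hypothetical feeds into one refined IP block list (dropping stale entries, non-IP values and private address noise, and counting corroborating sources), then runs constructed firewall log lines through it in alert-only mode and in block mode. The feed names, indicator values and log lines are all constructed.

```python
"""Combine threat feeds into one refined list and apply it in alert-only or block mode.

Added example, not part of the flashcard deck or of any product. Feed names,
indicator entries and log lines below are constructed for illustration.
"""
import ipaddress
from datetime import datetime, timedelta, timezone

# Reference time for age checks (fixed so the example is reproducible).
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)

# Constructed feeds, already normalized to (indicator, confidence 0-100, last_seen).
# Real feeds arrive as CSV, JSON or STIX; normalizing them is what makes them combinable.
FEEDS = {
    "feed_a": [
        ("198.51.100.7", 90, NOW - timedelta(days=1)),
        ("203.0.113.9", 60, NOW - timedelta(days=40)),   # stale: last seen 40 days ago
        ("10.0.0.5", 95, NOW),                           # RFC 1918 address: feed noise
    ],
    "feed_b": [
        ("198.51.100.7", 70, NOW - timedelta(days=2)),   # corroborates feed_a
        ("192.0.2.44", 50, NOW - timedelta(days=3)),     # single source, low confidence
        ("bad.example", 80, NOW),                        # a domain, not an IP
    ],
}

# Ranges that must never reach an IP block list (would block our own hosts).
_NOISE_NETS = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def refine_feeds(feeds, max_age_days=30):
    """Merge feeds into {ip: {"confidence": int, "sources": set}}.

    Drops entries older than max_age_days, non-IP values and internal ranges;
    keeps the highest confidence seen and records which feeds reported the IP.
    """
    refined = {}
    for source, entries in feeds.items():
        for value, confidence, last_seen in entries:
            if NOW - last_seen > timedelta(days=max_age_days):
                continue
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue
            if any(addr in net for net in _NOISE_NETS):
                continue
            entry = refined.setdefault(value, {"confidence": 0, "sources": set()})
            entry["confidence"] = max(entry["confidence"], confidence)
            entry["sources"].add(source)
    return refined


def decide(src_ip, refined, mode="alert", block_threshold=80, min_sources=2):
    """Return 'allow', 'alert' or 'block' for one source address.

    In alert-only mode every hit is recorded but nothing is blocked; that is how a
    new automation is trialled. In block mode only corroborated, high-confidence
    hits block; weaker hits still just alert.
    """
    hit = refined.get(src_ip)
    if hit is None:
        return "allow"
    if (mode == "block" and hit["confidence"] >= block_threshold
            and len(hit["sources"]) >= min_sources):
        return "block"
    return "alert"


# Constructed firewall-style log lines: "<timestamp> key=value ...".
EVENTS = [
    "2024-03-01T10:00:01Z src=198.51.100.7 dst=10.1.2.3 proto=tcp dport=443",
    "2024-03-01T10:00:02Z src=192.0.2.44 dst=10.1.2.3 proto=tcp dport=22",
    "2024-03-01T10:00:03Z src=203.0.113.9 dst=10.1.2.3 proto=tcp dport=80",
    "2024-03-01T10:00:04Z src=192.0.2.1 dst=10.1.2.3 proto=udp dport=53",
]


def triage(events, refined, mode):
    """Map each event's source IP to the action the automation would take."""
    actions = {}
    for line in events:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        actions[fields["src"]] = decide(fields["src"], refined, mode)
    return actions


if __name__ == "__main__":
    refined = refine_feeds(FEEDS)
    for mode in ("alert", "block"):
        print(mode, triage(EVENTS, refined, mode))
```

Run in alert mode first and compare the "alert" decisions against what is actually expected traffic; only the indicators that would have blocked nothing legitimate should graduate to block mode, and the stale and single-source entries show why aging and corroboration belong in the refinement step rather than in the response step.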

24
Q

Data enrichment

A

Automation that assists incident response by gathering routine context, such as reconnaissance on a source address, retrieving related logs, or triggering a vulnerability scan of the affected host

25
Q

SOAR

A

Security Orchestration, Automation, and Response; platforms that automate and extend SIEM capabilities with playbook-driven enrichment and response actions

26
Q

Machine learning for threats

A

Can analyze samples and telemetry at scale and assist in creating signature definitions for threats and malware

27
Q

Assumption of Compromise

A

Approaching security risks on the premise that attackers have already gained a foothold in the environment, so detection and hunting are needed in addition to prevention

28
Q

Threat hunting

A

An organized, systematic, hypothesis-driven approach to seeking indicators of compromise that existing alerts have missed, using analyst expertise and analytic techniques

29
Q

First step in threat hunting

A

Establish a hypothesis about what an attacker would do and where it would leave evidence, thinking like an attacker would based on the available threat intelligence

30
Q

Indicators of Compromise

A

Unusual binary files; unexpected processes or resource consumption; deviations in network traffic; alterations in permissions; unexplained log entries; unapproved configuration changes
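
Worked example for the threat hunting cards (assumption of compromise, hypothesis first, indicators of compromise). This is added code, not from the flashcard deck or any hunting tool: starting from the hypothesis that an attacker already has a foothold and is persisting through an odd binary or a permission change, it checks a constructed host snapshot against a constructed baseline and reports findings under the IOC categories listed above. The baseline values, process list, SUID list, config hashes and auth log lines are all constructed.

```python
"""Hypothesis-driven hunt over a host snapshot, reporting IOC-category findings.

Added example, not part of the flashcard deck or of any hunting tool.
Hypothesis: an attacker already has a foothold (assumption of compromise) and is
persisting via an unexpected binary or a permission change. BASELINE, SNAPSHOT
and the auth log lines are constructed for illustration.
"""
import re

# Constructed baseline of what is normal for this host class.
BASELINE = {
    "processes": {"sshd", "cron", "nginx", "postgres"},
    "binary_dirs": ("/usr/bin/", "/usr/sbin/", "/usr/lib/"),
    "suid_files": {"/usr/bin/sudo", "/usr/bin/passwd"},
    "config_hashes": {"/etc/sudoers": "0a1b2c", "/etc/ssh/sshd_config": "7b3c2d"},
    "max_auth_failures": 5,   # per source address in the reviewed window
}

# Constructed snapshot collected from the host under review.
SNAPSHOT = {
    "processes": [
        {"name": "sshd", "exe": "/usr/sbin/sshd", "user": "root"},
        {"name": "nginx", "exe": "/usr/sbin/nginx", "user": "www-data"},
        {"name": "cron", "exe": "/usr/sbin/cron", "user": "root"},
        # Name borrowed from a kernel thread, but a real binary under /tmp run by the web user.
        {"name": "kworker", "exe": "/tmp/.x/kworker", "user": "www-data"},
    ],
    "suid_files": ["/usr/bin/sudo", "/usr/bin/passwd", "/usr/local/bin/backup"],
    "config_hashes": {"/etc/sudoers": "5e1f9a", "/etc/ssh/sshd_config": "7b3c2d"},
    "auth_log": [
        f"Mar  1 10:0{i}:00 host sshd[12{i}0]: Failed password for root from 198.51.100.7 port 4002{i} ssh2"
        for i in range(6)
    ] + ["Mar  1 10:07:30 host sshd[1300]: Accepted publickey for www-data from 198.51.100.7 port 40100 ssh2"],
}

AUTH_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
AUTH_OK = re.compile(r"Accepted \w+ for (\S+) from (\S+)")


def hunt(snapshot, baseline):
    """Test the hypothesis against the snapshot; return (ioc_category, detail) pairs."""
    findings = []

    # Unusual binaries and unexpected processes.
    for proc in snapshot["processes"]:
        if not proc["exe"].startswith(baseline["binary_dirs"]):
            findings.append(("unusual binary file", f"{proc['name']} running from {proc['exe']}"))
        if proc["name"] not in baseline["processes"]:
            findings.append(("unexpected process", f"{proc['name']} ({proc['exe']}) as {proc['user']}"))

    # Permission alterations: SUID bits that were not there at baseline.
    for path in sorted(set(snapshot["suid_files"]) - baseline["suid_files"]):
        findings.append(("permission alteration", f"new SUID binary {path}"))

    # Unapproved config changes: file hash differs from the approved baseline.
    for path, digest in snapshot["config_hashes"].items():
        if baseline["config_hashes"].get(path) != digest:
            findings.append(("unapproved config change", f"{path} hash differs from baseline"))

    # Unexplained log entries: failure bursts per source, worse if followed by success.
    failures, successes = {}, []
    for line in snapshot["auth_log"]:
        if m := AUTH_FAIL.search(line):
            failures[m.group(2)] = failures.get(m.group(2), 0) + 1
        elif m := AUTH_OK.search(line):
            successes.append((m.group(1), m.group(2)))
    for src, count in failures.items():
        if count > baseline["max_auth_failures"]:
            detail = f"{count} failed logins from {src}"
            if any(s == src for _, s in successes):
                detail += " followed by a successful login"
            findings.append(("unexplained log entries", detail))

    return findings


if __name__ == "__main__":
    for category, detail in hunt(SNAPSHOT, BASELINE):
        print(f"[{category}] {detail}")
```

Each check is tied back to the hypothesis rather than being a generic scan: if the hunt finds nothing, the hypothesis is refined or replaced, and if it finds something, the baseline and detection rules are updated so the next occurrence is an alert rather than a hunt.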