Chapter 02: Using Threat Intelligence Flashcards

1
Q

What is the most important aspect of a threat intelligence feed?

A

Timeliness, relevancy, and accuracy.

2
Q

What is STIX?

A

Stands for Structured Threat Information Expression (STIX). It is an XML language originally sponsored by the U.S. Department of Homeland Security. It defines 12 STIX domain objects, including things like attack patterns, identities, malware, threat actors, and tools. It is used to help manage threat indicator feeds.

3
Q

What is TAXII?

A

Stands for Trusted Automated Exchange of Indicator Information (TAXII) protocol. It works as a companion to STIX to allow cyberthreat information to be communicated at the application layer via HTTPS.

4
Q

What is OpenIOC?

A

Stands for Open Indicators of Compromise (OpenIOC). It is an XML-based framework to help manage threat indicator feeds, just like STIX.

5
Q

What parts make up the threat intelligence cycle?

A

Requirements Gathering, Threat Data Collection, Threat Data Analysis, Threat Intelligence Dissemination, and Gathering Feedback.

6
Q

What is an ISAC?

A

Stands for Information Sharing and Analysis Center (ISAC). It is an organization that shares threat information. There are different ISACs set up for different industries, such as the healthcare ISAC, the financial services ISAC, and the aviation ISAC.

7
Q

What is STRIDE?

A

It is Microsoft’s threat classification model. It stands for: Spoofing of user identity, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege.

8
Q

What is the ATT&CK Framework?

A

It is a framework created by MITRE, which stands for Adversarial Tactics, Techniques, and Common Knowledge.

9
Q

What are the 7 stages of the Lockheed Martin Cyber Kill Chain?

A

Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objective.

10
Q

Know the Diamond Model of Intrusion Analysis, as well as the specific terms.

A

Core features are the victim, capability, infrastructure, and adversary.

11
Q

What is the Unified Kill Chain?

A

It is a combination of the Lockheed Martin Cyber Kill Chain and MITRE's ATT&CK framework, creating an 18-phase model.

12
Q

What is the CVSS?

A

Stands for Common Vulnerability Scoring System (CVSS). It is a scoring system for vulnerabilities.
