Chapter 2, Using Threat Intelligence

Question 1

Which type of threat intelligence provides a broad view about threats?

Answer 1

Strategic threat intelligence

Question 2

What type of threat intelligence includes very detailed information allowing a response to a specific threat?

Answer 2

Operational threat Intelligence

Question 3

What are the 3 factors to consider when assessing threat intelligence sources?

Answer 3

Is it timely?
Is it accurate?
Is it relevant?

Question 4

what allows organizations to assess threat intelligence based on how much they trust they can give it?

Answer 4

Confidence scores.

Question 5

What is STIX?

Answer 5

Structured Threat Information Expression. It’s an XML language designed to standardize cyber threat information in a machine readable format.

Question 6

Which threat indicator language was developed by Mandiant and focusses on types of compromises?

Answer 6

Open Indicator of Compromise (OpenIOC)

Question 7

What are the 5 stages of the Threat Intelligence Cycle?

Answer 7

1) REQUIREMENTS gathering
2) COLLECTION of threat data
3) ANALYSIS of threat data
4) DISSEMINATION of threat intelligence
5) Gathering FEEDBACK

Question 8

What’s the main purpose of the Requirements gathering phase of the Threat Intelligence lifecycle?

Answer 8

It’s to assess what CTI and associated controls that could have prevented or limited security breaches* an organization may have had.
It also assess what information and controls could prevent breaches following a risk assessment, audit or industry trends.

Question 9

What issues might you be faced with when you’re analysing threat data?

Answer 9

It might be in different formats or not formatted at all so you’d need to format the data so it can be consumed by whatever tools you’re using

Question 10

Why do we get feedback as part of the Threat Intelligence lifecycle?

Answer 10

It’s done for continuous improvement of the process itself to improve it’s output.

Question 11

Which group of American threat intelligence communities helps major infrastructure owners/operators share intelligence information?

Answer 11

ISACs - Information Sharing and Analysis Centres

Question 12

What are the two main benefits of a threat classification tool?

Answer 12

1) provides a common way to describe threats which makes them easier to manage
2) serves as a reminder of the types of threats to give analysts better threat analysis

Question 13

What protocol was designed to specifically exchange the cyber threat intelligence information in the STIX format?

Answer 13

TAXII

Question 14

Which stage of the Intelligence Cycle would you format the data?

Answer 14

Threat Data Analysis stage

Question 15

which concept around threat intelligence was introduced in 1998 as part of Presidential diretive-63?

Answer 15

ISACS

Question 16

What are threat (classification) models used for? When

Answer 16

Threat classification models help assess organization risk.

Question 17

______ frameworks compliment threat modelling frameworks but focus on the specific t____ t____ and p_____ from an _____-centric perspective

Answer 17

attack
tactics, techniques and procedures
attacker

Question 18

Which threat models are typically used early in the in the development cycle to identify issues and get them fixed? Give an example of one.

Answer 18

asset-centric / software-centric

Microsoft’s STRIDE

Question 19

When did MITRE add cloud-focused techniques?

Answer 19

October 2019

Question 20

Apart from the ATT&CK model which others are there?

Answer 20

The Diamond Model of Intrusion Analysis

Lockheed Martin’s Cyber Kill Chain

Question 21

Core features, meta-features and confidence value are terms used in which attack model?

Answer 21

the Diamond Model of Intrusion Analysis

Question 22

Adversary, Structure, Capability, Victim are elements of which attack model?

Answer 22

the Diamond Model of Intrusion Analysis

Question 23

What are the first 4 stages in Lockheed Martin’s cyber kill chain

Answer 23

1. Reconnaissance
2. Weaponization
3. Delivery

Question 24

What are stages 4-6 in Lockheed Martin’s cyber kill chain?

Answer 24

4. Exploitation
5. Installation
6. Command and Control

Question 25

What is the last stage in Lockheed Martin’s cyber kill chain?

Answer 25

7. Actions on Objectives

Question 26

What scoring system helps to grade vulnerabilities?

Answer 26

Common Vulnerabilities Scoring System (CVSS)

Question 27

What tools helps organizations assess and describe threats, threat actors and their techniques for the purpose of building appropriate defences.

Answer 27

Attack Frameworks

Question 28

What’s the name of the UK’s organization that shares threat intelligence with industry, govt and academia?

Answer 28

Centre for Protection of National Infrastructure

Question 29

What protocol was designed to specifically exchange the cyber threat intelligence information in the STIX format?

Answer 29

TAXII

Question 30

Which stage of the Intelligence Cycle would you format the data?

Answer 30

Threat Data Analysis stage

Question 31

which concept around threat intelligence was introduced in 1998 as part of Presidential diretive-63?

Answer 31

ISACS

Question 32

____ frameworks are used alongside t_____ m______ methodologies as part of threat modelling

Answer 32

threat modelling methodologies (e.g. STRIDE and PASTA)

Question 33

Which threat models are typically used early in the in the development cycle to identify issues and get them fixed?

Answer 33

asset-centric / software-centric

Question 34

Which threat model gives an attacker-centric perspective but provides an asset-centric output?

Answer 34

PASTA