Data Collection

Question 1

What can it indicate if a domain is registered to an anonymous or fictitious entity?
-it could be an indicator of malicious intent
- it is impossible to determine without further investigation
- it is likely a legitimate domain

Answer 1

It could be an indicator of malicious intent (distributing malware)

Question 2

Data collection involves the systematic gathering of information from different sources true or false

Answer 2

True

Question 3

Which type of data is typically collected in CTI?
Personal, financial, sales reports or threat actor behaviours

Answer 3

Threat actor behaviours

Question 4

What is virustotal?

Answer 4

A website that scans urls and files for malware

Question 5

What is th e purpose of virus totals url scanner?

Answer 5

To identify malicious urls that distribute malware

Question 6

What is the purpose of pivoting in the diamond model?

Answer 6

To shift focus from an indicator to the attacker or an already recognised campaign

Question 7

Which of the following is a common method to collect cyber threat intelligence?
Brute force attack, denial of service, social engineering or passive network monitoring

Answer 7

Passive network monitoring

Question 8

Metadata can be used to determine the security classification of a document true or false

Answer 8

True

Question 9

Document metadata cannot be modified or falsified true or false

Answer 9

False it can be

Question 10

What is the purpose of an intelligence collection plan?

Answer 10

To prioritise and focus intelligence collection efforts

Question 11

What is an example of a collection requirement?

Answer 11

To identify threat actors targeting a specific industry

Question 12

What types of metadata are used in CTI?
- all of these are correct
- threat actor attributes and motivations
-ip addresses, domain names, and file hashes
- vulnerability information and exploit techniques

Answer 12

All of these

Question 13

What does the diamond model show in relation to an attack?

Answer 13

The infrastructure used by an attacker

Question 14

What is the ultimate goal in using the diamond model in cyber threat analysis
- to evaluate the security posture of the organisation
-to gather network logs and system admin logs
- to identify and evaluate vulnerabilities
- to develop effective mitigation and response strategies

Answer 14

To develop effective mitigation and response strategies

Question 15

I high of the following file types can be analysed by virustotal?
Exe, doc, pdf or all correct

Answer 15

All correct

Question 16

Metadata can be used to classify the security of a document true or false

Answer 16

True it can be

Question 18

What is metadata

Answer 18

Data about data

Question 19

What is the cyber threat landscape

Answer 19

The digital environment in which cyber threats exist

Question 20

What’s virustotal

Answer 20

A website that analyses files and URLs for malware

Question 21

What is the purpose of virustotals url scanner?

Answer 21

To identify malicious URLs that distribute malware

Question 22

Document metadata cannot be modified or falsified t/f

Answer 22

False it can be