Direction And Review

Question 1

Developing intelligence requirements is a one time process that only needs to be done at the beginning of an intelligence project. T/f

Answer 1

False: IRs are constantly reviewed with the client

Question 2

What is an example of best practice when designing PIRs?
-Focusing only on threats that have been seen in organisations networks in the past
-relying solely on stakeholder requests to identify PIRs
-defining as many PIRs as possible to ensure that all potential threats are covered
-balancing the need for specificity with flexibility

Answer 2

balancing the need for specificity with flexibility

Question 3

Intelligence requirements should be developed in isolation without feedback or input from other stakeholders within the organisation. True or false

Answer 3

False - they should have constant feedback from many stakeholders and be revised until suitable tk their specific needs

Question 4

Using the MoSCow rule helps to ensure that critical requirements are not overlooked or deferred true or false

Answer 4

True MoSCoW
Must have
Should have
Could have
Won’t have
Helps to focus on critical intelligence needs whilst addressing others that are unnecessary or resources won’t permit

Question 5

What is the role of the stakeholder engagement in the direction phase of the intelligence cycle?
- to disseminate intelligence products to stakeholders
- to help identify and prioritise intelligence requirements
- to collect raw data from stakeholders
- to ensure that stakeholders are aware of the intelligence being collected and analysed

Answer 5

To help identify and prioritise intelligence requirements

Question 6

What type of information is typically included in intelligence requirements?
- all of these are correct
- predictive data
- historical data
- real time data

Answer 6

All of these

predictive data
- historical data
- real time data

Question 7

What metrics are used to evaluate effectiveness of cyber threat intelligence projects during project review?
- return on investment and cost benefit analysis
- time to detection and response time
- threat intelligence accuracy and completeness
- all of these are correct

Answer 7

All of these are correct

return on investment and cost benefit analysis
- time to detection and response time
- threat intelligence accuracy and completeness

Question 8

How are PIRs different from IRs?

Answer 8

PIRs are high priority IRs

Question 9

Which of the following is an intelligence requirement?
- the threat actor responsible for a recent cyber attack
- a list of all vulnerabilities on a companies network
- the number of employees in a company’s IT department
- the make and model of a company’s servers

Answer 9

Threat actor responsible for recent cyber attack

Question 10

The MoSCoW is a technique used in project management true or false

Answer 10

True
Must have
Should have
Could have
Won’t have

Question 11

Intelligence requirements are fixed over time and do not change regardless of the threat landscape true or false

Answer 11

False

Question 12

IRs always have to be approved by the main stakeholder (customer) true or false

Answer 12

True

Question 13

The could have category represents requirements that are desirable but not necessary and can be included if there is time and budget. True or false

Answer 13

True

Question 14

The Moscow rule is a good way to manage stakeholder expectations and prioritise requirements true/false

Answer 14

True

Question 15

How often are PIRs updated?
Weekly, monthly, annually or as needed based on changes in operational environment

Answer 15

As needed based on changes in environment

Question 16

What is the primary focus of tactical intelligence requirements
- planning and preventing future cyber attacks
- understanding and responding to immediate threats
- providing real time information about cyber attacks
- understanding and analysing long term threats

Answer 16

Understanding and responding to immediate threats

Question 17

What is the primary objective of CTI?
- to prevent all cyber attacks
- to investigate and prosecute cyber criminals
- to develop new cyber defender technologies
- to provide situational awareness and support decision making

Answer 17

To provide situational awareness and support decision making

Question 18

Which of the following is a well defined intelligence requirement?

Answer 18

It’s focused, clear and achievable

Question 19

How are PIRs integrated with other intelligence processes?
- Used to priories collection but do not affect other processes
- independent and do not interact
- used to evaluate the effectiveness of other processes
- inform the development of intelligence collection plans and are integrated with other processes

Answer 19

inform the development of intelligence collection plans and are integrated with other processes

Question 20

Which of the following is a standing intelligence requirement?
- IR that is never satisfied
-Intelligence gap
- a request we make of another agency
- an unanswered question

Answer 20

IR that is never satisfied. Continues to be important to know.

Question 21

Which of the following is an intelligence requirement?

Answer 21

The threat actor responsible for a recent cyber attack

Question 22

What is the best practice for definining PIRs?

Answer 22

Balancing the need for specificity and flexibility

Question 23

What is the role of stakeholder engagement in the direction phase?

Answer 23

To help identify and prioritise intelligence requirements.

Question 24

Which is not a common source for CTI?
Dark web
Traditional news media
Social media

Answer 24

Traditional news media

Question 25

Moscow stands for?

Answer 25

Must have, could have, should have, won’t have.

Question 26

T/f the could have category of Moscow represents requirements that are desirable but not necessary and can be included if there is time and budget

Answer 26

True