Key Concepts

Question 1

Attribution is always a straightforward process, with clear evidence pointing to a single group. True or false

Answer 1

False - attribution is very difficult to assign to a group

Question 2

What does the E stand for in F3EAD?

Answer 2

Find
Fix
Finish
Exploit
Analyse
Disseminate

Question 3

Threat group actors are never motivated by political or ideological factors? T/f

Answer 3

False - hacktivists follow ideology

Question 4

Why do we look at entry and exit points?
- To identify when/where data enters and exits a system
-To identify where data exits and enters a system AND where users acces the system
- in order to direct the data ourselves
-to identify where users access the system

Answer 4

To identify where data exits and enters a system AND where users access the system

Question 5

What are the two separate areas where these type of IOCs can be generated from?
- host based and network based indicators
-encryption based and network based indicators
- host based and computer based indicators
- system based and encryption based indicators

Answer 5

host based and network based indicators

Question 6

What is the purpose of using a drive-by-download attack in cybersecurity?
-to compromise a website frequented by the target
- to disrupt the targets operations
- to steal sensitive data
- to install malware on the targets device

Answer 6

• to install malware on the targets device

Question 7

Which threat actor is considered to have the greater capability and motivation?
- hacktivists
- insider threat
- nation state actors
- Cyber Criminals

Answer 7

Nation state actors

Question 8

What is the main goal of a zero day vulnerability?
- to steal sensitive data
- to disrupt the targets operations
- to install malware on the targets device
- to blackmail the target

Answer 8

To install malware on the targets device

Question 9

How can understanding of a threat actors motivation be used to inform threat intelligence analysis and response?
-by enabling the creation of more accurate threat models
- all of these are correct
- by informing the development of more effective countermeasures
- by identifying the most likely targets and methods of attack
- by facilitating attribution of attacks to specific groups or actors

Answer 9

All of these

Question 10

Which of these is not a decision making loop?
- intelligence cycle
- F3EAD
- FFS cycle
- OODA Loops

Answer 10

Ffs cycle

Question 11

What does IPE stand for?

Answer 11

Intelligence Preparation of the Environment

Question 12

What is the common technique used by APT threat actors use to gain initial access to the network?
DDoS, vulnerability exploitation, supply chain attacks or social engineering

Answer 12

Social engineering

Question 13

Which of the following is the most likely intent of a state sponsored threat actor?
Financial gain, political espionage, create mayhem, all of these are correct, Hacktivism

Answer 13

Political espionage

Question 14

Which hat colour refers to hackers that hack without consent but stop short of malicious activities?
White, grey, black or green?

Answer 14

Grey

Question 15

Hactivist ideology always opposes the nation state? True or false

Answer 15

False- hacktivists ideology varies from Ukraine war to whales at sea world

Question 16

What does IPB stand for?

Answer 16

Intelligence preparation of the battlefield

Question 17

The process of attribution can be influenced by biases including cultural and political? T/F

Answer 17

True

Question 18

What is a nations state actor motivation?
Financial gain, ideology, intellectual property theft, boredom

Answer 18

IP theft

Question 19

What do we mean by utility of scale?

Answer 19

A way of categorising hackers by concepts from unsophisticated to sophisticated

Question 20

What is the difference between IPB and IPE?

Answer 20

IPE focuses on the environment in isolation from the adversary

Question 21

What is the objective of the sterile corridor?
- to further data collection
- to analyse data
- to explain aspects of intelligence to other members of the intelligence team
- to obscure aspects of an intelligence activity to members of the intelligence team

Answer 21

to obscure aspects of an intelligence activity to members of the intelligence team

Question 22

What do we mean by utility of scale?
- presenting security of a document
- measuring intelligence report accurately
- categorising hackers by sophistication
- a way to measure DDoS

Answer 22

Categorising hackers by sophistication

Question 23

Should you consider insider threat as a threat actor or threat vector

Answer 23

Threat vector

Question 24

What was the CBEST narrative structure developed for?

Answer 24

To communicate something technical to a non technical audience

Question 25

What is the purpose of IPB?
-prepare for war
- explain operations to a non CTI analyst
-gain access onto enemy system
- analyse mission variables in the area of interest to determine the effect on operations

Answer 25

Analyse mission variables in the area of interest to determine the effect on operations

Question 26

What are the principles of intelligence? Crosscat

Answer 26

Centralised responsive objective systematic sharing continuous review accessible timely

Question 27

What is the purpose of a drive by download attack

Answer 27

To install malware on the targets device

Question 28

What is the purpose of a supply chain attack as a technique?

Answer 28

To steal sensitive data

Question 29

What is the difference between a threat actors intent and their capability?

Answer 29

Intent refers to what the attacker wants to achieve, while capability refers to their ability to achieve it

Question 30

What are some of the challenges of measuring threat actor motivation?

Answer 30

Available information may be incomplete or misleading. Motivation is often subjective and difficult to quantify. Difficult to distinguish between different threat actors and their motivations. Many threat actors are adept at deception and hiding their true intentions.