Section 22.210 Threat Intelligence Feeds Flashcards

Objective 4.3 Explain various activities associated with vulnerability management

1
Q

Threat Intelligence

A

Continual process used to understand the threats faced by an organization

■ It focuses on analyzing evidence-based knowledge about existing or emerging hazards to an organization’s assets

■ Combines data from multiple sources to provide context, mechanisms, indicators, implications, and actionable information about threats

2
Q

Threat Intelligence Feeds

A

Provide valuable information about potential or current threats to an organization’s security

■ Continuous streams of data related to potential or current threats

■ Collected, analyzed, and disseminated by security researchers, organizations, or automated tools

■ Provide real-time or near-real-time updates on aspects such as:
● Malware signatures
● Indicators of Compromise (IoC)
● Malicious IP addresses
● URLs

FireEye - a subscription service that allows you to stay up to date with the latest attacks and vulnerabilities

3
Q

Evolution of Threats

A

Threat actors adapt their attack methods as technology changes

■ In the past, server-side attacks were common due to open ports and protocols on servers

■ With better server protection, threat actors shifted to client-side attacks, targeting vulnerabilities in client applications

■ Enterprise networks implement Network Access Control (NAC) to secure clients

■ The mobile environment and cloud technology have also become targets for attacks

4
Q

Sources of Threat Intelligence

Open-Source Intelligence (OSINT)

A

Collected from publicly available sources like reports, forums, news articles, blogs, and social media

● Often available at no cost

● Valuable for insights into emerging threats and vulnerabilities

● Examples include feeds from AlienVault Open Threat Exchange, SANS Internet Storm Center, and security research forums

5
Q

Proprietary or Third-Party Feeds

A

Provided by commercial vendors under a subscription model

● Offer more refined, analyzed, and timely information

● Can be integrated into security tools for automated threat response

● Companies like FireEye, McAfee, and Symantec provide proprietary feeds

6
Q

Information-Sharing Organizations

A

Formed to facilitate the sharing of threat intelligence among members

● Includes Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs)

● Collaboration among businesses in specific industries (e.g., finance, healthcare) to share industry-specific threat information

7
Q

Dark Web

A

A hidden part of the internet inaccessible through standard browsers

● Can be a source of threat intelligence for security researchers

● Explored for information about hacking techniques, stolen data, and emerging threats

● Provides insights ahead of public knowledge
