Security Incident and Threat Intelligence Integrations (14%) Flashcards

1
Q

What is Threat Intelligence?

A

Process of collecting valuable or critical information to act or respond to an event.

2
Q

T/F: The Security Case Management application is included in Threat Intelligence

A

True

3
Q

What are the stages in the Threat Intelligence life cycle?

A

Aggregate - Contextualize - Prioritize - Utilize - Learn

4
Q

What is the structured format for the description of threat data?

A

Structured Threat Information eXpression (STIX)

5
Q

What is TAXII?

A

Trusted Automated Exchange of Intelligence Information (TAXII) is the transport mechanism for sharing threat intelligence data.

6
Q

What is Cyber Observable eXpression (CybOX)?

A

Common structure for representing cyber observables across and among the operational areas of enterprise cybersecurity.

7
Q

___________ is a language that can use CybOX words.

A

STIX

8
Q

____________ characterizes what is being told, while ____________ defines how the ____________ language is shared.

A

STIX, TAXII, STIX

9
Q

What are the patterns of activities or methods associated with a specific threat actor or group of threat actors?

A

Tactics, Techniques, and Procedures (TTPs)

10
Q

An option to “Run Sightings Search” will only appear when ___________________________.

A

A valid implementation and Sighting Search Queries have been configured.

11
Q

What are three Observable types supported for Sighting Search Configuration?

A

IP Address, Hash, and URL

12
Q

What are the two Related Lists for Sightings Search?

A

Sighting Search Results and Sighting Search Details

13
Q

Which Sighting Search related list summarizes the entire search?

A

Sighting Search Results

14
Q

Which Sighting Search related list summarizes the results for each Observable?

A

Sighting Search Details

15
Q

What are the traits of ServiceNow Gold Standard Integrations?

A

Enterprise Scale
Customer Focused
Robust
Standardized

16
Q

When performing a Splunk integration, you must define an integration user with the following roles: ___________________ and __________________.

A

sn_si.integration_user and sn_si.analyst

17
Q

What role is needed in order to perform imports?

A

import_transformer