Training Deck - Recorded Future University

Question 1

What are the three Pillars of Security?

Answer 1

Confidentiality

Integrity

Availability

Question 2

What is the “Triad” also called? Short version?

Answer 2

CIA Triad

Question 3

What is the projected Value of Cyber Security in 2030?

Answer 3

over 500 Billion $ oder 500 Milliarden Euro

Question 4

What does TTP stand for?

Answer 4

Tactics, Techniques and Procedures

Question 5

What is Tactics

Answer 5

The overall objective of an attacker

Question 6

What is Technique

Answer 6

A method used by an attacker

Question 7

What is Procedure?

Answer 7

The Features and the Tools and Methods used by an attacker

Question 8

What are iOc’s

Answer 8

Indicators of Compromise

Question 9

What does NIST stand for?

Answer 9

The National Institute of Standards and Technology

Question 10

What are the six deterring factors the NIST says defines Security?

Answer 10

Deterrence
Avoidance
Prevention
Detection
Recovery
Correction.

Question 11

Wie wird Intelligence von Recorded Future definiert

Answer 11

data and information collected and analyzed to assist decision-makers.

Question 12

What is Threat Intelligence?

Answer 12

Threat Intelligence is the knowlage that allows you to prevent or defend yourself against attacks

Question 13

What are the two factors that define Threat Intelligence?

Answer 13

Threat Intelligence is all about understanding the bad guys—the hackers, malware, and techniques they use to attack. It looks at external threats that could harm your organization.

Question 14

What is Security Intelligence?

Answer 14

Security Intelligence is broader. It looks at everything related to protecting your company—both from inside and outside. It combines data from your internal systems (like logs, firewalls, and alerts) with external information to give a full picture of your security posture.

Question 15

What is Information Security?

Answer 15

The Protection of Information

Question 16

What is Cyber Security?

Answer 16

Cybersecurity refers to the practices, measures, and controls designed to ensure the confidentiality, integrity, and availability (CIA) of data and systems in the digital realm.

It focuses exclusively on protecting digital assets, such as networks, applications, and data in cyberspace

Question 17

What is the difference between Information Security and Cyber Security?

Answer 17

Information = Security of files in all forms - Digital and also hand written
Cyber Security = Security of digital information

Question 18

What does APT mean

Answer 18

Advanced Persistant Threats

Question 19

What does FAIR stand for

Answer 19

Factor Analysis of Information Risk

Question 20

What is the FAIR Institute

Answer 20

The FAIR Institute is a research-driven not-for-profit organization dedicated to advancing the discipline of cyber and operational risk management through education, standards and collaboration.

Question 21

What is the RISK formula

Answer 21

Vulnerability + Threat = RISK (Likelihood & Impact)

Question 22

Give me three excamples for an IOC

Answer 22

Virus signatures
IP addresses
Hashes of malware files
URLs
Domain names of botnet command and control servers

Question 23

What is Data?

Answer 23

Hashes, IP address etc. Data usually doesnt tell you much and needs to be investigated furtherW

Question 24

What is Information?

Answer 24

Information is Data with Context!

Question 25

What is the main difference between Data and Information?

Answer 25

The main difference between Data and Information is Context

Question 26

What is Intelligence?

Answer 26

Intelligence is the outcome of the Analysis of Data and Information - It is actionable

Question 27

What does SOAR stand for?

Answer 27

Security, Orchestration, Automation, and Response

Question 28

What are the four Stages of Intelligence Process

Answer 28

Work together, collaborate
360 Degree visibility
Automatisation and Integration
Alignment with the Organization and Security Use Cases

Question 29

What is Operational Intelligence

Answer 29

Its the “hands on” Intelligence

Question 30

What is Strategic Intelligence

Answer 30

High-level analysis of an organization’s present and future threat landscapes

Question 31

What is the difference between Operational Intelligence and Strategic Intelligence?

Answer 31

Operational Intelligence is knowing what to do in the moment.

Strategic Intelligence is knowing how to prevent those moments from happening.

Question 32

What is an Attack Vector and give me 4 Attack Vectors

Answer 32

A specific paths, methods, or scenarios that can be exploited
Email
Software Vurnabilites
Insider Threats

Question 33

What is an unknown Vulnerability called? As in unknown to the software Developers

Answer 33

Zero Day Vurneabilty

Question 34

What is the difference between the Surface Web and the Deep Web?

Answer 34

Surface doesnt need login - Deep web needs login (excample - Go to www.recordedfuture.com - Will not get you access to the Platform that is on the deepweb / need username and password to access)

Question 35

What are each Intelligence Life cycle called

Answer 35

Direction
Collection
Processing
Analysis
Dissemination
Feedback
Direction

Question 36

What is the Direction phase also called?

Answer 36

This step is also known as the planning phase.

Question 37

What are the three sources the collection Phase is taking their information?

Answer 37

Internal Sources
Technical Source
Human Source

Question 38

What are Entities? In german

Answer 38

Ein Substantiv - Dinge, Personen, Plätze

Entität:
1. Objekte
2. Einheiten
3. Elemente
4. Instanzen

Question 39

Was sind Ontologies?

Answer 39

English: Meaningful relationship between Entities
German: Beziehung zwischen Entitäten

Zb; USA, US, United States, New York, Statue of Liberty, White house

Question 40

What are NLPs

Answer 40

Natural Language Processing - Computer Intelligence that takes large unstructured text and makes it readable to people

Question 41

Where all these Entities coming from and how are the Ontologies created?

Answer 41

Automated Collection and Classification of Threat Data
Machine Learning and NLP National Language Processing and

We use both of these technologies to collecting and classify the Threat data

Question 42

Tell me the 5 Steps of NLP

Answer 42

Text Extraction
Text Classification
Parts of Speech Tagging
Entity Recognicion
Event Extraction

Question 43

What is the input of Risk Score.. from where?

Answer 43

700.000 Web Sources
30 Threat Feeds

Question 44

Additional risk evidence will increase a Risk Score within the risk band, but no amount of additional evidence will move the score to a higher band

Answer 44

yes

Question 45

What is an RFI

Answer 45

Request for Information

Question 46

There are three types of reports you can generate with Recorded Future AI:

Answer 46

Ransomeware Reports

Threat Landscape Reports

General Reports

Question 47

Where is Collective Insight being utilised

Answer 47

TI and SecOps

Question 48

How does Brand check for Logo abuse?

Answer 48

It scans the Hasfiles of Logos and scans it with urlscan.ie

Question 49

How many image hash files can you add to the watch list?

Answer 49

10

Question 50

What is URLSCAN.IO

Answer 50

a powerful scanner technology that allows IT security and risk management professionals to analyze and understand the potential risks associated with a particular URL.

Question 51

What are the two was RF is scanning for Logo Abuse

Answer 51

One: Via image hash that is scanned via URLScan.io
Two: If any of the currated logos apear on malicious webpage - this only works if the logo has been currated by RF

Question 52

What is IAB

Answer 52

Initial Access Broker the first link of Threat Actors in a Ransomeware. The person that gains access to first and sells it on to the next line to the affiliates who than do the attack and either encrypt or steal data, after that the next link is the