Free 312-85 Practice Test Questions 2026

87 Questions


Last Updated On : 27-Apr-2026


Facing the Certified Threat Intelligence Analyst exam in 2026 is challenging, but preparing with the right tools makes all the difference. Our 312-85 practice test isn't just another set of questions. It's your strategic advantage for conquering the certification. Candidates who complete our 312-85 practice questions are approximately 35% more likely to pass the exam on their first attempt compared to those who study without a realistic Certified Threat Intelligence Analyst practice exam. This isn't coincidence. It's the power of effective preparation.

Enrage Tech Company hired Enrique, a security analyst, to perform threat intelligence analysis. During the data collection process, he used a counterintelligence mechanism in which a recursive DNS server is employed to perform interserver DNS communication; when a request is generated from any name server to the recursive DNS server, the recursive DNS server logs the responses that are received. It then replicates the logged data and stores it in a central database. Using these logs, he analyzed the malicious attempts that took place over the DNS infrastructure.

Which of the following cyber counterintelligence (CCI) gathering techniques has Enrique used for data collection?


A. Data collection through passive DNS monitoring


B. Data collection through DNS interrogation


C. Data collection through DNS zone transfer


D. Data collection through dynamic DNS (DDNS)





Answer: A. Data collection through passive DNS monitoring

A threat analyst working in XYZ Company was asked to perform threat intelligence analysis. During the information collection phase, he used a social engineering technique where he pretended to be a legitimate or authorized person. Using this technique, he gathered sensitive information by scanning terminals for passwords, searching for important documents on desks, rummaging through bins, and so on.

Which of the following social engineering techniques was used by the analyst for information collection?


A. Impersonation


B. Shoulder surfing


C. Piggybacking


D. Dumpster diving





Answer: A. Impersonation

A threat analyst obtains intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP addresses of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and its performance has gradually degraded. He further analyzes the information based on past and present experience and concludes which attack the client organization experienced.

Which of the following attacks is performed on the client organization?


A. DHCP attacks


B. MAC spoofing attack


C. Distributed Denial-of-Service (DDoS) attack


D. Bandwidth attack





Answer: C. Distributed Denial-of-Service (DDoS) attack

Flora, a threat intelligence analyst at PanTech Cyber Solutions, is working on a threat intelligence program. She is trying to collect the company's crucial information through online job sites.

Which of the following information will Flora obtain through job sites?


A. Hardware and software information, network-related information, and technologies used by the company


B. Top-level domains and subdomains of the company


C. Open ports and services





Answer: A. Hardware and software information, network-related information, and technologies used by the company

ABC is a well-established cyber-security company in the United States. The organization implemented the automation of tasks such as data enrichment and indicator aggregation. They also joined various communities to increase their knowledge about the emerging threats. However, the security teams can only detect and prevent identified threats in a reactive approach.

Based on the threat intelligence maturity model, identify the level of ABC to know the stage at which the organization stands with its security and vulnerabilities.


A. Level 2: increasing CTI capabilities


B. Level 3: CTI program in place


C. Level 1: preparing for CTI


D. Level 0: vague where to start





Answer: B. Level 3: CTI program in place

Steve is working as an analyst for Highlanders & Co. While performing data analysis, he used a method in which he included a list of all activities required to complete the project, time, dependencies, and logical endpoints such as milestones to acquire information about the relationship between various activities and the period of the activities obtained.

Which of the following data analysis methods was used by Steve?


A. Critical path analysis


B. Timeline analysis


C. Cone of plausibility


D. Analogy analysis





Answer: A. Critical path analysis

To extract useful intelligence from the gathered bulk data and to improve the efficiency of the composite bulk data, Sam, a threat analyst, follows a data analysis method where he creates a logical sequence of events based on the assumptions of an adversary's proposed actions, mechanisms, indicators, and implications. To develop accurate predictions, he further takes into consideration the important factors including bad actors, methods, vulnerabilities, targets, and so on.

Which of the following data analysis methods is used by Sam to extract useful intelligence out of bulk data?


A. Critical path analysis


B. Linchpin analysis


C. Analogy analysis


D. Opportunity analysis





Answer: A. Critical path analysis

Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat information from a variety of sources. He wants to use this information to develop security policies to enhance the overall security posture of his organization.

Which of the following sharing platforms should be used by Kim?


A. Cuckoo sandbox


B. OmniPeek


C. PortDroid network analysis


D. Blueliv threat exchange network





Answer: D. Blueliv threat exchange network

Sean works as a threat intelligence analyst. He is assigned a project for information gathering on a client's network to find a potential threat. He started analysis and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. He was unable to find any information.

What should Sean do to get the information he needs?


A. Sean should use WayBackMachine in Archive.org to find the company's internal URLs


B. Sean should use e-mail tracking tools such as EmailTrackerPro to find the company's internal URLs


C. Sean should use website mirroring tools such as HTTrack Web Site Copier to find the company's internal URLs


D. Sean should use online services such as netcraft.com to find the company's internal URLs





Answer: D. Sean should use online services such as netcraft.com to find the company's internal URLs

Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he found that there were multiple logins from different locations in a short time span. Moreover, he also observed certain irregular login patterns from locations where the organization does not have business relations. This suggests that somebody is trying to steal confidential information.

Which of the following key indicators of compromise does this scenario present?


A. Unusual outbound network traffic


B. Unexpected patching of systems


C. Unusual activity through privileged user account


D. Geographical anomalies





Answer: D. Geographical anomalies

An attacker instructs bots to use a camouflage mechanism to hide his phishing and malware delivery locations in the rapidly changing network of compromised bots. In this particular technique, a single domain name maps to multiple IP addresses.

Which of the following techniques is used by the attacker?


A. DNS zone transfer


B. Dynamic DNS


C. DNS interrogation


D. Fast-Flux DNS





Answer: D. Fast-Flux DNS

Tech Knights Inc., a small-scale company, has decided to share the intelligence information with various organizations using a nonprofit association that provides a secure place to accumulate and share the information about cyber threats in the industry, and it also provides an extended service of data analysis to the organizational network.

Which of the following types of sharing organizations should Tech Knights Inc. use to share information?


A. Trading partners


B. Information Sharing and Analysis Centers (ISACs)


C. Informal contacts


D. Commercial vendors





Answer: B. Information Sharing and Analysis Centers (ISACs)



What Makes Our Certified Threat Intelligence Analyst Practice Test So Effective?

Real-World Scenario Mastery: Our 312-85 practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention before the Certified Threat Intelligence Analyst exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive 312-85 practice exam questions pool covering all topics, the real exam feels like just another practice session.