Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat
information from a variety of sources. He wants to use this information to develop security
policies to enhance the overall security posture of his organization.
Which of the following sharing platforms should be used by Kim?
A. Cuckoo sandbox
B. OmniPeek
C. PortDroid network analysis
D. Blueliv threat exchange network
Bob, a threat analyst, works in an organization named TechTop. He was asked to collect
intelligence to fulfil the needs and requirements of the Red Team present within the
organization.
Which of the following are the needs of a Red Team?
A. Intelligence related to increased attacks targeting a particular software or operating system vulnerability
B. Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)
C. Intelligence extracted from the latest attack analysis on similar organizations, which includes details about latest threats and TTPs
D. Intelligence that reveals risks related to various strategic business decisions
Tibson works as an incident responder for an MNC based in Singapore. He is investigating
a web application security incident recently faced by the company. The attack was
performed on an MS SQL Server hosted by the company. In the detection and analysis
phase, he used regular expressions to analyze and detect SQL meta-characters that led
to the SQL injection attack.
Identify the regular expression used by Tibson to detect the SQL injection attack on MS
SQL Server.
A. /exec(\s|\+)+(s|x)p\w+/ix
B. ((\.\.\\)|(\.\.\/))
C. ((\.|%2E)(\.|%2E)(\/|%2F|\\|%5C))
D. ((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)
Which of the following encoding techniques replaces unusual ASCII characters with "%" followed by the character’s two-digit ASCII code expressed in hexadecimal?
A. URL encoding
B. Unicode encoding
C. Base64 encoding
D. HTML encoding
Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information
for identifying emerging threats to the organization and implement essential techniques to
protect their systems and networks from such attacks. Alice is searching for online sources
to obtain information such as the method used to launch an attack, the techniques and
tools used to perform an attack, and the procedures followed for covering the tracks after an
attack.
Which of the following online sources should Alice use to gather such information?
A. Financial services
B. Social network settings
C. Hacking forums
D. Job sites
Which of the following risk mitigation strategies involves execution of controls to reduce the risk factor and brings it to an acceptable level or accepts the potential risk and continues operating the IT system?
A. Risk assumption
B. Risk avoidance
C. Risk planning
D. Risk transference
James is a professional hacker and is employed by an organization to exploit their cloud services. In order to achieve this, James created anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?
A. Insecure interface and APIs
B. Data breach/loss
C. Insufficient due diligence
D. Abuse and nefarious use of cloud services
Tyrion, a professional hacker, is targeting an organization to steal confidential information.
He wants to perform website footprinting to obtain the following information, which is
hidden in the web page header.
Connection status and content type
Accept-ranges and last-modified information
X-powered-by information
Web server in use and its version
Which of the following tools should Tyrion use to view header content?
A. Hydra
B. AutoShun
C. Vanguard enforcer
D. Burp suite
Which of the following risk management processes identifies the risks, estimates the impact, and determines sources to recommend proper mitigation measures?
A. Risk assessment
B. Risk assumption
C. Risk mitigation
D. Risk avoidance
BadGuy Bob hid files in the slack space, changed the file headers, hid suspicious files in executables, and changed the metadata for all types of files on his hacker laptop. What has he committed?
A. Anti-forensics
B. Adversarial mechanics
C. Felony
D. Legal hostility
An organization suffered many major attacks and lost critical information, such as
employee records, and financial information. Therefore, the management decides to hire a
threat analyst to extract the strategic threat intelligence that provides high-level information
regarding current cyber-security posture, threats, details on the financial impact of various
cyber-activities, and so on.
Which of the following sources will help the analyst to collect the required intelligence?
A. Active campaigns, attacks on other organizations, data feeds from external third parties
B. OSINT, CTI vendors, ISAO/ISACs
C. Campaign reports, malware, incident reports, attack group reports, human intelligence
D. Human, social media, chat rooms
A colleague wants to minimize their security responsibility because they are in a small organization. They are evaluating a new application that is offered in different forms. Which form would result in the least amount of responsibility for the colleague?
A. On-prem installation
B. SaaS
C. IaaS
D. PaaS