
オンライン問題で最適な312-85試験練習問題(最新の52問題)
練習問題312-85素晴らしい練習用のCertified Threat Intelligence Analystテスト問題
質問 # 25
Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis. While performing data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication and when a request is generated from any name server to the recursive DNS server, the recursive DNS servers log the responses that are received. Then it replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data collection?
- A. Data collection through DNS interrogation
- B. Data collection through passive DNS monitoring
- C. Data collection through dynamic DNS (DDNS)
- D. Data collection through DNS zone transfer
正解:A
質問 # 26
Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs.
- A. Alison should use SmartWhois to extract the required website information.
- B. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.
- C. Alison should run the Web Data Extractor tool to extract the required website information.
- D. Alison should use https://archive.org to extract the required website information.
正解:C
質問 # 27
An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence.
Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must consist of a right balance between tables, narrative, numbers, graphics, and multimedia?
- A. The right presentation
- B. The right time
- C. The right order
- D. The right content
正解:A
質問 # 28
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular log in patterns from locations where the organization does not have business relations. This resembles that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?
- A. Unusual outbound network traffic
- B. Unexpected patching of systems
- C. Unusual activity through privileged user account
- D. Geographical anomalies
正解:D
解説:
The scenario described by Steve's observations, where multiple logins are occurring from different locations in a short time span, especially from locations where the organization has no business relations, points to
'Geographical anomalies' as a key indicator of compromise (IoC). Geographical anomalies in logins suggest unauthorized access attempts potentially made by attackers using compromised credentials. This is particularly suspicious when the locations of these logins do not align with the normal geographical footprint of the organization's operations or employee locations. Monitoring for such anomalies can help in the early detection of unauthorized access and potential data breaches.References:
* SANS Institute Reading Room, "Indicators of Compromise: Reality's Version of the Minority Report"
* "Identifying Indicators of Compromise" by CERT-UK
質問 # 29
A network administrator working in an ABC organization collected log files generated by a traffic monitoring system, which may not seem to have useful information, but afterperforming proper analysis by him, the same information can be used to detect an attack in the network.
Which of the following categories of threat information has he collected?
- A. Advisories
- B. Low-level data
- C. Detection indicators
- D. Strategic reports
正解:B
解説:
The network administrator collected log files generated by a traffic monitoring system, which falls under the category of low-level data. This type of data might not appear useful at first glance but can reveal significant insights about network activity and potential threats upon thorough analysis. Low-level data includes raw logs, packet captures, and other granular details that, when analyzed properly, can help detect anomalous behaviors or indicators of compromise within the network. This type of information is essential for detection and response efforts, allowing security teams to identify and mitigate threats in real-time.References:
* "Network Forensics: Tracking Hackers through Cyberspace," by Sherri Davidoff and Jonathan Ham, Prentice Hall
* "Real-Time Detection of Anomalous Activity in Dynamic, Heterogeneous Information Systems," IEEE Transactions on Information Forensics and Security
質問 # 30
Tim is working as an analyst in an ABC organization. His organization had been facing many challenges in converting the raw threat intelligence data into meaningful contextual information. After inspection, he found that it was due to noise obtained from misrepresentation of data from huge data collections. Hence, it is important to clean the data before performing data analysis using techniques such as data reduction. He needs to choose an appropriate threat intelligence framework that automatically performs data collection, filtering, and analysis for his organization.
Which of the following threat intelligence frameworks should he choose to perform such task?
- A. SIGVERIF
- B. Threat grid
- C. HighCharts
- D. TC complete
正解:D
質問 # 31
Which of the following types of threat attribution deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target?
- A. Intrusion-set attribution
- B. True attribution
- C. Nation-state attribution
- D. Campaign attribution
正解:B
質問 # 32
In which of the following attacks does the attacker exploit vulnerabilities in a computer application before the software developer can release a patch for them?
- A. Distributed network attack
- B. Active online attack
- C. Advanced persistent attack
- D. Zero-day attack
正解:D
質問 # 33
Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between two organizations depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?
- A. Validated trust
- B. Mediated trust
- C. Mandated trust
- D. Direct historical trust
正解:A
質問 # 34
Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence. Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom.
What stage of ACH is Bob currently in?
- A. Inconsistency
- B. Diagnostics
- C. Refinement
- D. Evidence
正解:B
質問 # 35
Moses, a threat intelligence analyst at InfoTec Inc., wants to find crucial information about the potential threats the organization is facing by using advanced Google search operators. He wants to identify whether any fake websites are hosted at the similar to the organization's URL.
Which of the following Google search queries should Moses use?
- A. related: www.infothech.org
- B. cache: www.infothech.org
- C. info: www.infothech.org
- D. link: www.infothech.org
正解:A
質問 # 36
Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header.
Connection status and content type
Accept-ranges and last-modified information
X-powered-by information
Web server in use and its version
Which of the following tools should the Tyrion use to view header content?
- A. Burp suite
- B. Vanguard enforcer
- C. AutoShun
- D. Hydra
正解:A
解説:
Burp Suite is a comprehensive tool used for web application security testing, which includes functionality for viewing and manipulating the HTTP/HTTPS headers of web page requests and responses. This makes it an ideal tool for someone like Tyrion, who is looking to perform website footprinting to gather information hidden in the web page header, such as connection status, content type, server information, and other metadata that can reveal details about the web server and its configuration. Burp Suite allows users to intercept, analyze, and modify traffic between the browser and the web server, which is crucial for uncovering such hidden information.References:
* "Burp Suite Essentials" by Akash Mahajan
* Official Burp Suite Documentation
質問 # 37
Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs.
- A. Alison should use https://archive.org to extract the required website information.
- B. Alison should run the Web Data Extractor tool to extract the required website information.
- C. Alison should use SmartWhois to extract the required website information.
- D. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.
正解:A
質問 # 38
In which of the following forms of bulk data collection are large amounts of data first collected from multiple sources in multiple formats and then processed to achieve threat intelligence?
- A. Unstructured form
- B. Structured form
- C. Production form
- D. Hybrid form
正解:A
質問 # 39
Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?
- A. Intelligence related to increased attacks targeting a particular software or operating system vulnerability
- B. Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)
- C. Intelligence extracted latest attacks analysis on similar organizations, which includes details about latest threats and TTPs
- D. Intelligence that reveals risks related to various strategic business decisions
正解:B
解説:
Red Teams are tasked with emulating potential adversaries to test and improve the security posture of an organization. They require intelligence on the latest vulnerabilities, threat actors, and their TTPs to simulate realistic attack scenarios and identify potential weaknesses in the organization's defenses. This information helps Red Teams in crafting their attack strategies to be as realistic and relevant as possible, thereby providing valuable insights into how actual attackers might exploit the organization's systems. This need contrasts with the requirements of other teams or roles within an organization, such as strategic decision-makers, who might be more interested in intelligence relatedto strategic risks or Blue Teams, which focus on defending against and responding to attacks.References:
* Red Team Field Manual (RTFM)
* MITRE ATT&CK Framework for understanding threat actor TTPs
質問 # 40
Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header.
Connection status and content type
Accept-ranges and last-modified information
X-powered-by information
Web server in use and its version
Which of the following tools should the Tyrion use to view header content?
- A. Burp suite
- B. Vanguard enforcer
- C. AutoShun
- D. Hydra
正解:A
質問 # 41
Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.
Which of the following online sources should Alice use to gather such information?
- A. Financial services
- B. Job sites
- C. Hacking forums
- D. Social network settings
正解:C
解説:
Alice, looking to gather information on emerging threats including attack methods, tools, and post-attack techniques, should turn to hacking forums. These online platforms are frequented by cybercriminals and security researchers alike, where information on the latest exploits, malware, and hacking techniques is shared and discussed. Hacking forums can provide real-time insights into the tactics, techniques, and procedures (TTPs) used by threat actors, offering a valuable resource for threat intelligence analysts aiming to enhance their organization's defenses.References:
* "Hacking Forums: A Ground for Cyber Threat Intelligence," by Digital Shadows
* "The Value of Hacking Forums for Threat Intelligence," by Flashpoint
質問 # 42
In which of the following attacks does the attacker exploit vulnerabilities in a computer application before the software developer can release a patch for them?
- A. Distributed network attack
- B. Active online attack
- C. Advanced persistent attack
- D. Zero-day attack
正解:D
解説:
A zero-day attack exploits vulnerabilities in software or hardware that are unknown to the vendor or for which a patch has not yet been released. These attacks are particularly dangerous because they take advantage of the window of time between the vulnerability's discovery and the availability of a fix, leaving systems exposed to potential exploitation. Zero-day attacks require a proactive and comprehensive approach to security, including the use of advanced threat detection systems and threat intelligence to identify and mitigate potential threats before they can be exploited.References:
* "Understanding Zero-Day Exploits," by MITRE
* "Zero-Day Threats: What They Are and How to Protect Against Them," by Symantec
質問 # 43
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy.
She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?
- A. Convenience sampling
- B. Data visualization
- C. Sandboxing
- D. Normalization
正解:D
解説:
Normalization in the context of data analysis refers to the process of organizing data to reduce redundancy and improve efficiency in storing and sharing. By filtering, tagging, and queuing, Miley is effectively normalizing the data-converting it from various unstructured formats into a structured, more accessible format. This makes the data easierto analyze, store, and share. Normalization is crucial in cybersecurity and threat intelligence to manage the vast amounts of data collected and ensure that only relevant data is retained and analyzed. This technique contrasts with sandboxing, which is used for isolating and analyzing suspicious code; data visualization, which involves representing data graphically; and convenience sampling, which is a method of sampling where samples are taken from a group that is conveniently accessible.References:
* "The Application of Data Normalization to Database Security," International Journal of Computer Science Issues
* SANS Institute Reading Room, "Data Normalization Considerations in Cyber Threat Intelligence"
質問 # 44
An analyst is conducting threat intelligence analysis in a client organization, and during the information gathering process, he gathered information from the publicly available sources and analyzed to obtain a rich useful form of intelligence. The information source that he used is primarily used for national security, law enforcement, and for collecting intelligence required for business or strategic decision making.
Which of the following sources of intelligence did the analyst use to collect information?
- A. OSINT
- B. OPSEC
- C. SIGINT
- D. ISAC
正解:A
質問 # 45
What is the correct sequence of steps involved in scheduling a threat intelligence program?
1. Review the project charter
2. Identify all deliverables
3. Identify the sequence of activities
4. Identify task dependencies
5. Develop the final schedule
6. Estimate duration of each activity
7. Identify and estimate resources for all activities
8. Define all activities
9. Build a work breakdown structure (WBS)
- A. 1-->2-->3-->4-->5-->6-->7-->8-->9
- B. 3-->4-->5-->2-->1-->9-->8-->7-->6
- C. 1-->2-->3-->4-->5-->6-->9-->8-->7
- D. 1-->9-->2-->8-->3-->7-->4-->6-->5
正解:D
質問 # 46
Jame, a professional hacker, is trying to hack the confidential information of a target organization. He identified the vulnerabilities in the target system and created a tailored deliverable malicious payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of cyber kill chain methodology is Jame executing?
- A. Installation
- B. Reconnaissance
- C. Exploitation
- D. Weaponization
正解:D
質問 # 47
Cybersol Technologies initiated a cyber-threat intelligence program with a team of threat intelligence analysts.
During the process, the analysts started converting the raw data into useful information by applying various techniques, such as machine-based techniques, and statistical methods.
In which of the following phases of the threat intelligence lifecycle is the threat intelligence team currently working?
- A. Analysis and production
- B. Planning and direction
- C. Processing and exploitation
- D. Dissemination and integration
正解:C
解説:
The phase where threat intelligence analysts convert raw data into useful information by applying various techniques, such as machine learning or statistical methods, is known as 'Processing and Exploitation'. During this phase, collected data is processed, standardized, and analyzed to extract relevant information. This is a critical step in the threat intelligence lifecycle, transforming raw data into a format that can be further analyzed and turned into actionable intelligence in the subsequent 'Analysis and Production' phase.References:
* "Intelligence Analysis for Problem Solvers" by John E. McLaughlin
* "The Cyber Intelligence Tradecraft Project: The State of Cyber Intelligence Practices in the United States (Unclassified Summary)" by the Carnegie Mellon University's Software Engineering Institute
質問 # 48
Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis. While performing data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication and when a request is generated from any name server to the recursive DNS server, the recursive DNS servers log the responses that are received. Then it replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data collection?
- A. Data collection through DNS interrogation
- B. Data collection through passive DNS monitoring
- C. Data collection through dynamic DNS (DDNS)
- D. Data collection through DNS zone transfer
正解:B
解説:
Passive DNS monitoring involves collecting data about DNS queries and responses without actively querying DNS servers, thereby not altering or interfering with DNS traffic. This technique allows analysts to track changes in DNS records and observe patterns that may indicate malicious activity. In the scenario described, Enrique is employing passive DNS monitoring by using a recursive DNS server to log the responses received from name servers, storing these logs in a central database for analysis. This approach is effective for identifying malicious domains, mapping malware campaigns, and understanding threat actors' infrastructure without alerting them to the fact that they are being monitored. This method is distinct from active techniques such as DNS interrogation or zone transfers, which involve sending queries to DNS servers, and dynamic DNS, which refers to the automatic updating of DNS records.References:
* SANS Institute InfoSec Reading Room, "Using Passive DNS to Enhance Cyber Threat Intelligence"
* "Passive DNS Replication," by Florian Weimer, FIRST Conference Presentation
質問 # 49
......
リアルな312-85試験別格な練習試験問題:https://jp.fast2test.com/312-85-premium-file.html
100%合格率でリアルな312-85試験成功ゲット:https://drive.google.com/open?id=1uAwz407y2wmGEXcTKoilYWQrSLdjmjsZ