JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.
CTIA Module 04
You will received results through email.
Sign in to Google
to save your progress.
Learn more
What means System Baselining in a data collection environment?
1 point
Refers to analyse the system searching for IOC'S
Refers to install the sandbox operating system
Refers to hardening the system to protect it from malware
Refers to taking a snapshot of the system at the time the malware analysis begins.
Clear selection
Whe footprinting, metadata extraction tools gets the info from:
1 point
HTML files
robots.txt
PDF files
JavaScript files
Clear selection
Select what kind of threat intelligence source is: IOC buckets
1 point
Commercial Sources
Indicators of Compromise
Government and Law Enforcement Sources
Industry Association and Vertical Communities
Clear selection
Select what kind of threat intelligence source is: Krebsonsecurity.com
1 point
Commercial Sources
Government and Law Enforcement Sources
Industry Association and Vertical Communities
Indicators of Compromise
Clear selection
Steps that an analyst can follow in order to use the loC data more effectively for building threat intelligence (select 3)
1 point
Enrich the collected loC data to gather pivot points (IP addresses, domain names, etc.) and analyze them for any correlations or connections.
Analyze Large HTML responses with big size
Define the objectives In using loCs In the defense strategy. This Influences the analyst's intelligence collection criteria.
Lists of Multiple login failures
Identify the relevance of the loC feeds and select the important loC feeds based on Intelligence collection requirement for building the threat Intelligence.
To hide phishing and malware delivery locations can be used...
1 point
dns lookup
whois
Fast-Flux
nslookup
Clear selection
Which is not a good practice in reparing a testbed for malware analysis?
1 point
Enable the "shared folders" and disble the "guest isolation"
Simulate Internet services using tools such as iNetSim
Generate hash value of each OS and tool
Install malware analysis tools
Clear selection
Advanced Google search operators can be used for creating complex search queries. What does the next operator? cache:
1 point
This operator displays websites that are similar to the URL specified.
Displays Google's old version of a web page instead of the current version of the web page.
This operator restricts results to only those pages containing all query terms specified in the text on links to the page
Searches websites or pages that points to the specified website or page.
This operator allows you to search your results based on its file extension.
Clear selection
Select which site looks suitable for finding details about firewall, internal server type, OS used, software versions, database schema, network appliances.
1 point
Job Sites
Social Networking Sites
Groups, Forums, and Blogs
Clear selection
Indicators of Compromise (loCs) can also be collected from various sources that exist within the organizational perimeter. Select a non internal source of IOCs
1 point
Unusual activity through privileged user account
Large HTML response size
Unusual DNS request
Suspicious registry or system file changes
Unexpected patching of systems
Sinkholes
Clear selection
Select a non Free IOC Source...
1 point
threat_note
Blueliv
MISP
Norse
AlienVaultOTX
Clear selection
____________ is generally referred to a person or an agent under the Regulation of Investigatory Powers Act 2000 (RIPA), UK.
1 point
FININT
CCI
FS-ISAC
CHIS
Clear selection
Select the sites where is not possible to find yara rules.
1 point
Alienvault OTX
Malstrom
VirusTotal
Apility.io
Clear selection
A data sampling strategy will avoid generalization, where estimates can't be made about the total data based on the findings from the samples that are studied.
1 point
True
False
Clear selection
Which dll stands for Supports higher-level networking functions?
1 point
Advapi32.dll
WSock32.dll
Ws2_32.dll
Ntdll.dll
Kernel32.dll
Gdi32.dll
Wininet.dll
User32.dll
Clear selection
Select the type of data for end-level form of data that is filtered, analyzed, and relevant in form and it is distributed as report.
1 point
Raw Data
Production Data
Exploited Data
Clear selection
Which type of threat intelligence source comes from: Facebook, LinkedIn, Twitter, WhatsApp, Instagram, Telegram
1 point
FININT
OSINT
GEOINT
SOCMINT
TECHINT
IMINT
MASINT
SIGINT
HUMINT
CCI
Clear selection
______ allows redirecting potentially malicious IP address traffic into a ______ DNS server to prevent the malware from making DNS requests and resolving the hostnames from the malicious URLs.
1 point
Data collection through passive DNS monitoring
Data collection through honeypots
Data collection through pivoting off adversary's infrastructure
Data collection through malware sinkholes
Data collection through YARA rules
Clear selection
Which dll stands for Functions for displaying and manipulating graphics?
1 point
Gdi32.dll
Kernel32.dll
Advapi32.dll
Ws2_32.dll
Wininet.dll
WSock32.dll
User32.dll
Ntdll.dll
Clear selection
Which type of threat intelligence feed is: Firewall Sandbox
1 point
External Intelligence Feeds
Proactive Surveillance Feeds
Internal Intelligence Feeds
Clear selection
Social enineering techniques. ____________ is a technique, where an analyst secretly observes the target to gain critical information. In the ______________ technique, the analyst stands behind the victim and secretly observes the victim's activities on the computer.
1 point
Dumpster Diving
Shoulder Surfing
Reverse Social Engineering
Impersonation
Tailgating
Eavesdropping
Piggybacking
Clear selection
Analyst can use to perform website footprinting with this tools: (select 5)
1 point
Firebug
Burp Suite
Website Informer
Cuckoo
Paros Proxy
Zaproxy
IDA pro
Which type of Storage Platform is a Cloud Storage?
1 point
Bittorrent, Apache Cassandra, MongoDB
AWS, Microsoft Azure, EnterpriseDB, Google Cloud SQL
Spreadsheets, MS Access, MySQL, Oracle, SQL Server
Clear selection
Advanced Google search operators can be used for creating complex search queries. What does the next operator? allinanchor:
1 point
Displays Google's old version of a web page instead of the current version of the web page.
This operator allows you to search your results based on its file extension.
This operator displays websites that are similar to the URL specified.
This operator restricts results to only those pages containing all query terms specified in the text on links to the page
Searches websites or pages that points to the specified website or page.
Clear selection
What means dark web versus deep web?
1 point
Is the subset of deep web where it enables anyone to navigate anonymously without being traced
It is the surface layer of online cyberspace that allows user to find the web pages and content using normal web browsers.
Dark web can be accessed by search engines like DeeperWeb, Surfwax, contrary to deep web, that cannot.
It can be accessed by simple browsers like Google Chrome, Mozilla Firefox, Opera, etc.
Clear selection
______ consists of information related to: the threat machine's IP address, operating systems, details about subnet, domain names of C2 headers, headers of the phishing emails, any network indicator or email indicator.
1 point
Technical Threat Intelligence Data Collection
Operational Threat Intelligence Data Collection
Strategic Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Clear selection
Which dll stands for Interface to the Windows kernel?
1 point
Kernel32.dll
Wininet.dll
Ntdll.dll
Gdi32.dll
User32.dll
Ws2_32.dll
WSock32.dll
Advapi32.dll
Clear selection
______involves high-level geopolitical assessment and collection of information related to political affairs, economics, societal interactions, technology developments.
1 point
Technical Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Strategic Threat Intelligence Data Collection
Operational Threat Intelligence Data Collection
Clear selection
______ consists of collection of: threat actor group reports, attack campaign reports, collection of incident reports and data from evaluated malware samples.
1 point
Technical Threat Intelligence Data Collection
Strategic Threat Intelligence Data Collection
Operational Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Clear selection
Select a Free IOC Source...
1 point
Symantec
IBM X-Force Exchange
Dell Secureworks
McAfee
Clear selection
Whois is a query and response protocol used for querying databases that listens to requests on port ______ (TCP).
1 point
53
443
80
43
Clear selection
Which type of threat intelligence feed is: Underground forums
1 point
Proactive Surveillance Feeds
Internal Intelligence Feeds
External Intelligence Feeds
Clear selection
Which type of threat intelligence source comes from: Electro-optical, Radar sensors, Acoustic sensors like sonars, LASER, Infrared, Spectroscopic sensors
1 point
HUMINT
CCI
SOCMINT
SIGINT
TECHINT
MASINT
FININT
IMINT
GEOINT
OSINT
Clear selection
______ data is also collected from sources like: high-level geopolitical assessment, OSINT, security industry white papers, human contacts.
1 point
Operational Threat Intelligence Data Collection
Strategic Threat Intelligence Data Collection
Technical Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Clear selection
Sampling is the technique of collecting small portions of data from huge chunks of data in such a way that the selected samples are considered as generalized samples of the entire chunk of data.
1 point
True
False
Clear selection
Which type of threat intelligence source comes from: Media, Internet, Public government data, Corporate/academic publishings, Literature
1 point
GEOINT
SIGINT
HUMINT
SOCMINT
OSINT
FININT
CCI
TECHINT
IMINT
MASINT
Clear selection
Which type of threat intelligence feed is: Brand monitoring
1 point
Proactive Surveillance Feeds
Internal Intelligence Feeds
External Intelligence Feeds
Clear selection
Which type of threat intelligence source comes from: Satellite imagery, Unmanned Aerial Vehicles (UAV) imagery, MapsGPS Waypoints, IMINT (Imagery Intelligence), National Geospatial-intelligenceAgency (NGA)
1 point
HUMINT
CCI
SIGINT
OSINT
MASINT
FININT
SOCMINT
IMINT
TECHINT
GEOINT
Clear selection
Which type of threat intelligence feed is: DNS monitoring
1 point
Internal Intelligence Feeds
External Intelligence Feeds
Proactive Surveillance Feeds
Clear selection
Select Benefits of Data Collection in a bulk way
1 point
Bulk data collection can be achieved by collecting large chunks of data in very less time making it more time efficient. Information that comes out after the analysis of bulk data might be very useful with respect to its fewer false positive content.
Data may have confidential and sensitive information, resulting in privacy or security breach.
Analysis and processing of the data is a time-taking process, when some data might be required immediately.
Data might be incomplete in form, like missing data fields and values, making the analysis process difficult.
Clear selection
_______________ ensueres how to securely collect the data and simultaneously maintain anonymity during the collection process depending on the organizational security policy to ensure privacy.
1 point
Opportunity Analysis
OPSEC
MRTI
NOC
Clear selection
Social enineering techniques. ____________ is a common human-based social engineering technique where an analyst pretends to be a legitimate or authorized person
1 point
Dumpster Diving
Shoulder Surfing
Impersonation
Eavesdropping
Reverse Social Engineering
Tailgating
Piggybacking
Clear selection
To obtain suitable data about Reverse IP Domain Check can be used...
1 point
Fast-Flux
whois
nslookup
dns lookup
Clear selection
______ is valid only for short time horizon.
1 point
Operational Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Strategic Threat Intelligence Data Collection
Technical Threat Intelligence Data Collection
Clear selection
Identify a Static Malware Analysis technique
1 point
Finding the portable executables (PE) information
Executing the malware code in a sandbox
Generate hash value of each OS and tool
Simulate Internet services
Clear selection
Select the type of data for unprocessed, unaltered, and unfittered form of data.
1 point
Exploited Data
Raw Data
Production Data
Clear selection
Which type of threat intelligence feed is: Malware forensics
1 point
Proactive Surveillance Feeds
External Intelligence Feeds
Internal Intelligence Feeds
Clear selection
Which dll stands for Networking DLLs that help to connect to a network or perform network relatedtasks?
1 point
Ws2_32.dll
User32.dll
Advapi32.dll
Wininet.dll
Ntdll.dll
Kernel32.dll
WSock32.dll
Gdi32.dll
Clear selection
______ is a multi-platform tool that is used by malware researchers to identify and classify malware samples based on binary or textual patterns.
1 point
Data collection through passive DNS monitoring
Data collection through honeypots
Data collection through YARA rules
Data collection through pivoting off adversary's infrastructure
Data collection through malware sinkholes
Clear selection
DeeperWeb is a dark net web browser.
1 point
True
False
Clear selection
Select the type of data for data that is filtered and sorted by other analysts.
1 point
Raw Data
Exploited Data
Production Data
Clear selection
What is Talend?
1 point
is a sampling model for data adquisition
is a big data integration framework
is a grpahic analysis tool
is a job portal
Clear selection
Analysts need to consider the ____________ of a threat to prioritize threat intelligence needs and requirements.
1 point
host system and its influence
information or vulnerabilities
evidence or assumption
frequency or impact
Clear selection
What that stands for IT-ISAC?
1 point
Space Intelligence sharing and Analysis Center
Information Technology Intelligence sharing and Analysis Center
America Information Sharing and Analysis Centers
European Information Sharing and Analysis Centers
Clear selection
Select which site looks suitable for finding details about Fully Qualified Domain Names (FQDNs), log samples, IP addresses, and usernames in messages at ...
1 point
Social Networking Sites
Groups, Forums, and Blogs
Job Sites
Clear selection
______ categorizes attacks such as email, web, and USB accordingto the attack vector used to trick humans. The toolkit attacks human weakness, exploitingtrust, fear, avarice, and the helping nature of humans.
1 point
Automater
SET
Spider Foot
FOCA
Clear selection
Use the ___________ tool to determine visually the relationships and real world links among people, groups of people (social networks), companies, organizations, websites, Internet infrastructure, phrases, documents, and files.
1 point
Maltego
OSTrlCa
FOCA
GOSINT
Clear selection
What kind of DNS recod contains host's name server?
1 point
A
AAAA
CNAME
MX
NS
Clear selection
Indicators of Compromise (loCs) can also be collected from various sources that exist within the organizational perimeter. Select a non internal source of IOCs
1 point
Unusual outbound network traffic
Web traffic statistics
Multiple login failures
Increase in database read volume
Geographical anomalies
Clear selection
Which is not a search engine very suitable for the deep web?
1 point
Pipl
DeeperWeb
Surfwax
Bing
DuckDuckGo
Clear selection
What kind of DNS recod contains an alias name?
1 point
A
AAAA
NS
CNAME
MX
Clear selection
Which type of Storage Platform is a Distributed Storage?
1 point
Bittorrent, Apache Cassandra, MongoDB
Spreadsheets, MS Access, MySQL, Oracle, SQL Server
AWS, Microsoft Azure, EnterpriseDB, Google Cloud SQL
Clear selection
Select what kind of threat intelligence source is: CERIAS Blog
1 point
Indicators of Compromise
Industry Association and Vertical Communities
Government and Law Enforcement Sources
Commercial Sources
Clear selection
Building Custom IoCs with... (select 2)
1 point
Redline
MISP
IOC Finder
Valkyrie Unknown File Hunter
IOC editor
Which type of threat intelligence source comes from: Honeypots, Passive DNS monitors, Online web trackers, Sock puppets (fake profiling) on online forums, Publishing false reports
1 point
IMINT
CCI
MASINT
SOCMINT
SIGINT
HUMINT
GEOINT
TECHINT
FININT
OSINT
Clear selection
Which type of threat intelligence source comes from: Visual photography, Infrared sensors, Synthetic Aperture Radar (SAR), MASINT (Measurement and Signature Intelligence), LASER, Electro-optics
1 point
MASINT
TECHINT
GEOINT
SOCMINT
IMINT
CCI
OSINT
FININT
SIGINT
HUMINT
Clear selection
______ can be acquired from social media sources and chat room conversations for any indications of pre-planned attacks.
1 point
Tactical Threat Intelligence Data Collection
Technical Threat Intelligence Data Collection
Strategic Threat Intelligence Data Collection
Operational Threat Intelligence Data Collection
Clear selection
Social enineering techniques. The social engineer will cause some incident creating a problem and then present himself/herself as the problem solver through general conversation with ____________
1 point
Reverse Social Engineering
Tailgating
Piggybacking
Dumpster Diving
Shoulder Surfing
Eavesdropping
Impersonation
Clear selection
Which type of threat intelligence feed is: Mailbox misuse information
1 point
Internal Intelligence Feeds
Proactive Surveillance Feeds
External Intelligence Feeds
Clear selection
Social enineering techniques. ____________ is the process of retrieving sensitive personal or organizational information by searching through trash bins.
1 point
Eavesdropping
Impersonation
Piggybacking
Reverse Social Engineering
Dumpster Diving
Shoulder Surfing
Tailgating
Clear selection
Analyst can gather a ____________ from job postings, which the attackers can gather through footprinting job sites.
1 point
probably all of them
firewall details
database schema
internal server type or OS used
network appliances
Clear selection
Which type of threat intelligence source comes from: Foreign equipment, Foreign weapon systems, SatellitesTechnical research papers, Foreign media, Human contacts
1 point
CCI
HUMINT
SIGINT
OSINT
FININT
TECHINT
GEOINT
MASINT
SOCMINT
IMINT
Clear selection
______ is a cyber counterintelligence mechanism where a recursive DNS server is employed to perform inter-server DNS communication.
1 point
Data collection through malware sinkholes
Data collection through YARA rules
Data collection through honeypots
Data collection through pivoting off adversary's infrastructure
Data collection through passive DNS monitoring
Clear selection
To obtain suitable data about Domain created date can be used...
1 point
dns lookup
Fast-Flux
whois
nslookup
Clear selection
______provides crucial information related to the attacker, attack patterns, and also can achieve information of when likely would the attack take place.
1 point
Strategic Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Operational Threat Intelligence Data Collection
Technical Threat Intelligence Data Collection
Clear selection
______ involves the collection of actionable information about any specific incoming attacks or events. It provides crucial information about activity-related attacks
1 point
Strategic Threat Intelligence Data Collection
Operational Threat Intelligence Data Collection
Technical Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Clear selection
Advanced Google search operators can be used for creating complex search queries. What does the next operator? related:
1 point
Searches websites or pages that points to the specified website or page.
This operator displays websites that are similar to the URL specified.
Displays Google's old version of a web page instead of the current version of the web page.
This operator allows you to search your results based on its file extension.
This operator restricts results to only those pages containing all query terms specified in the text on links to the page
Clear selection
______ is an information system resource that is expressly set up to attract and trap people who attempt to penetrate an organization's network.
1 point
Data collection through pivoting off adversary's infrastructure
Data collection through YARA rules
Data collection through passive DNS monitoring
Data collection through honeypots
Data collection through malware sinkholes
Clear selection
_________ is a open source framework that allows everyone to automatically collect and visualize any sort of threat intelligence data harvested (loCs)
1 point
FOCA
OSTrlCa
Maltego
GOSINT
Clear selection
Files that can be ussually tested into a sandbox.
1 point
DLL, ZIP, PY
DMG, TXT, DWG
PDF, EXE, VBS
SHELL, COM, SH
Clear selection
Operational Security (OPSEC) refers to...
1 point
A detailed review of the usability of the intelligence or the opportunities where the intelligence can make a significant impact
The project modeling technique, which includes a list of all activities required to complete the project, time, dependencies, and logical endpoints such as milestones
To the process of creating a logical sequence of events based on assumptions of an adversary's proposed actions, mechanisms, indicators, and implications
The risk management process where an analyst analyzes the complete operations from an adversary's point-of-view to provide security measures and avoid sensitive organizational data to get exposed.
Clear selection
Select what kind of threat intelligence source is: MISP (Malware Information Sharing Platform)
1 point
Commercial Sources
Industry Association and Vertical Communities
Government and Law Enforcement Sources
Indicators of Compromise
Clear selection
Use _______ to find metadata and hidden information in the documents it scans from websites.
1 point
OSTrlCa
FOCA
Maltego
GOSINT
Clear selection
Threat information is only as trustworthy as the source of that data, so it is essential to validate the ______ of third-party threat intelligence sources.
1 point
reliability
credibility
influence
potential
Clear selection
Which kind of Data Collection Methods are done with internal forums, internal network activities or traffic system logs of an organization?
1 point
Active Data Collection
Hybrid Data Collection
Passive Data Collection
Clear selection
An organizations asset which ip address dynamically changes can use...
1 point
Hostname
DNS
Zone Transfer
DDNS
Clear selection
Select which is not an IoC Data Collection Tool through Internal Sources
1 point
IOC Finder
Alienvault OTX
Redline
Valkyrie Unknown File Hunter
Splunk Enterprise
Clear selection
Which type of threat intelligence feed is: Law enforcement feed
1 point
External Intelligence Feeds
Internal Intelligence Feeds
Proactive Surveillance Feeds
Clear selection
Analysts can also collect information about VOIP and VPN network using Google advanced operators.
1 point
False
True
Clear selection
Select a comercial IOC's external source.
1 point
Symantec
MISP
Alienvault OTX
Cacador
Clear selection
To obtain suitable data about adversary IP can be used... (3 choice)
1 point
nslookup
dns lookup
whois
Fast-Flux
Which type of threat intelligence feed is: GEOIP statistics
1 point
Internal Intelligence Feeds
External Intelligence Feeds
Proactive Surveillance Feeds
Clear selection
Select Data collection through search engines (select 3)
1 point
GHDB
OneSwarm
TOR Browser
Exploit Database
ThreatCrowd
Which is the Regional Internet Registry for Europe?
1 point
ARIN
RIPE
AFRINIC
APNIC
LACNIC
Clear selection
Advanced Google search operators can be used for creating complex search queries. What does the next operator? link:
1 point
This operator allows you to search your results based on its file extension.
This operator displays websites that are similar to the URL specified.
Displays Google's old version of a web page instead of the current version of the web page.
Searches websites or pages that points to the specified website or page.
This operator restricts results to only those pages containing all query terms specified in the text on links to the page
Clear selection
______ deals with the technicalities of an attacker's assets and infrastructure.
1 point
Strategic Threat Intelligence Data Collection
Technical Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Operational Threat Intelligence Data Collection
Clear selection
Normalization is the process of ________ _____ to make it sorted and usable by the humans as well as by automated machine tools for intelligence consumption.
1 point
collecting in chunks
feed data from standard sources
analyzing in blocks
structuring the unstructured data
Clear selection
Select which site looks suitable for finding details about employees' interests and then trick them to reveal more information.
1 point
Job Sites
Social Networking Sites
Groups, Forums, and Blogs
Clear selection
Select what kind of threat intelligence source is: MineMeld
1 point
Government and Law Enforcement Sources
Indicators of Compromise
Commercial Sources
Industry Association and Vertical Communities
Clear selection
Analysts can perform __________ to identify behavioural vulnerabilities in human resources of an organization like human nature of trust.
1 point
SIGINT collection
OSINT collection
social engineering
network hacking
Clear selection
Select a malware analysis tool
1 point
IOC editor
Blueliv
Redline
IBM X-Force Exchange
Clear selection
Which type of threat intelligence feed is: Vulnerability information
1 point
Internal Intelligence Feeds
Proactive Surveillance Feeds
External Intelligence Feeds
Clear selection
Select a parameter of nromalization:
1 point
Distributed Processing
Feature Selection and Extraction
Complexity
Volume
Clear selection
Malware analysis is a process of ______________ a specific piece of malware in order to determine the origin, functionality, and potential impact of a given type of malware.
1 point
IOC creation
reverse engineering
emulate intrussions
threat hunting
Clear selection
Which type of threat intelligence source comes from: Financial Intelligence Unit (FIU), Banks, SWIFT, Informal value transfer systems (IVTS)
1 point
GEOINT
TECHINT
OSINT
HUMINT
MASINT
SIGINT
FININT
CCI
SOCMINT
IMINT
Clear selection
What data can be collected from:
www.httrack.com
1 point
Is an Internet Archive Wayback Machine that explores archived versions of websites.
It is an anti-abuse API that helps analysts to know if the IP address, domain, or email of a user is blacklisted
Company's website traffic to collect valuable threat information that helps the analyst in collecing information about an organization's customer base fo social engineering attacks.
It downloads a website from the Internet to a local directory, building recursively all directories and getting HTML, images, and other files from the web server to another computer.
Clear selection
For ease of analysis and dissemination, collected threat data must be present in the structured form. Select which is not a strcuture for this purpose.
1 point
TAXII
CybOX
OPENIOC
ISAC
STIX
Clear selection
Which type of Storage Platform is a centralized platform?
1 point
Bittorrent, Apache Cassandra, MongoDB
AWS, Microsoft Azure, EnterpriseDB, Google Cloud SQL
Spreadsheets, MS Access, MySQL, Oracle, SQL Server
Clear selection
Received: from
DB8EUR06HT009.eop-eur06.prod.protection.outlook.com
(2603:10a6:20b:3a::24) by
AM7PR09MB3621.eurprd09.prod.outlook.com
with HTTPS via
AM6PR0202CA0047.EURPRD02.PROD.OUTLOOK.COM
; Wed, 18 Nov 2020 11:55:03 +0000Received: from
DB8EUR06FT034.eop-eur06.prod.protection.outlook.com
(2a01:111:e400:fc35::45) by
DB8EUR06HT009.eop-eur06.prod.protection.outlook.com
(2a01:111:e400:fc35::198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3564.22; Wed, 18 Nov 2020 11:55:03 +0000Authentication-Results: spf=none (sender IP is 5.34.181.2) smtp.mailfrom=
mn.com
;
hotmail.com
; dkim=none (message not signed) header.d=none;
hotmail.com
; dmarc=none action=none header.from=
agenciatributaria.com
;Received-SPF: None (
protection.outlook.com
:
mn.com
does not designate permitted sender hosts)Received: from
mn.com
(5.34.181.2) by
DB8EUR06FT034.mail.protection.outlook.com
(10.233.253.13) with Microsoft SMTP Server id 15.20.3589.20 via Frontend Transport; Wed, 18 Nov 2020 11:55:03 +0000X-IncomingTopHeaderMarker: OriginalChecksum:F7ABAC3A49EC960586AD20AAEBF2858A06A6F678A1959CC4A75190EA4C707701;UpperCasedChecksum:5C2B0F355AA6CC255ECA968D24B6777D24D5B173ABF7EC530D1F3E88BD187438;SizeAsReceived:358;Count:7Received: by
mn.com
(Postfix, from userid 0)
id 4E5EF7C9F7; Wed, 18 Nov 2020 10:15:45 +0100 (CET)content-type: text/htmlSubject: Notificacion Pendiente - Servicio Tributaria - N(777383937)From: aviso@agenciatributaria.comTo: manoloperez@hotmail.comMessage-Id: <
20201118091830.4E5EF7C9F7@mn.com
>Date: Wed, 18 Nov 2020 10:15:45 +0100 (CET)X-IncomingHeaderCount: 7....................................................................................................................................................................................................................................................................WHICH IS THE ORIGINAL MAIL SENDER?
1 point
agenciatributaria.com
5.34.181.2
10.233.253.13
2a01:111:e400:fc35::198
2a01:111:e400:fc35::45
Clear selection
______ deals with TTP's of threat groups and is most effectively used in defending an organization.
1 point
Operational Threat Intelligence Data Collection
Strategic Threat Intelligence Data Collection
Tactical Threat Intelligence Data Collection
Technical Threat Intelligence Data Collection
Clear selection
______ is used to perform analysis that is consumed by high-level senior leaders within an organization to understand and predict risks and threats for an organization.
1 point
Tactical Threat Intelligence Data Collection
Strategic Threat Intelligence Data Collection
Technical Threat Intelligence Data Collection
Operational Threat Intelligence Data Collection
Clear selection
One way to obtain in block hostnames, machine names, user names, IP addresses, aliases assigned within a domain is by....
1 point
Zone Transfer
DNS
DDNS
Hostname
Clear selection
Types of Data Sampling (3 selection)
1 point
Purposive Sampling
Convenience Sampling
Drived Sampling
Probability Sampling
Select security measures that can be adopted in a data collection process. (select 4)
1 point
Use virtual machines
Use VPN
TOR Browser
Use HTTP conections
NOC
SSH
What data can be collected from:
archive.org
1 point
Is an Internet Archive Wayback Machine that explores archived versions of websites.
It downloads a website from the Internet to a local directory, building recursively all directories and getting HTML, images, and other files from the web server to another computer.
It is an anti-abuse API that helps analysts to know if the IP address, domain, or email of a user is blacklisted
Company's website traffic to collect valuable threat information that helps the analyst in collecing information about an organization's customer base fo social engineering attacks.
Clear selection
Social enineering techniques. ____________ is the act of secretly listening to the conversations of people over a phone or video conference without their consent.
1 point
Impersonation
Eavesdropping
Piggybacking
Reverse Social Engineering
Tailgating
Dumpster Diving
Shoulder Surfing
Clear selection
When footprinting, hidden to the search engines info can be obtained from:
1 point
PDF files
JavaScript files
robots.txt
HTML files
Clear selection
What data can be collected from:
apility.io
1 point
It downloads a website from the Internet to a local directory, building recursively all directories and getting HTML, images, and other files from the web server to another computer.
Company's website traffic to collect valuable threat information that helps the analyst in collecing information about an organization's customer base fo social engineering attacks.
It is an anti-abuse API that helps analysts to know if the IP address, domain, or email of a user is blacklisted
Is an Internet Archive Wayback Machine that explores archived versions of websites.
Clear selection
Select what kind of threat intelligence source is: FortiGuard
1 point
Commercial Sources
Industry Association and Vertical Communities
Indicators of Compromise
Government and Law Enforcement Sources
Clear selection
Which type of threat intelligence source comes from: interception of communication signals, electronic sensors like radars, non-human communication systems
1 point
HUMINT
SOCMINT
OSINT
CCI
MASINT
TECHINT
SIGINT
FININT
GEOINT
IMINT
Clear selection
Data Collection through Web Services: Finding Top-Level Domains (TLDs) and Sub-domains ca be done using....
1 point
www.netcraft.com
www.misp-project.org
Oxmsec.org
hackaday.com
Clear selection
Which type of threat intelligence feed is: Fraud analysis
1 point
Internal Intelligence Feeds
Proactive Surveillance Feeds
External Intelligence Feeds
Clear selection
What means Stage Host Integrity Monitoring in a data collection environment?
1 point
Refers to taking a snapshot of the system after the malware execution.
Refers to taking a snapshot of the system before the malware execution.
Refers to taking a snapshot of the system at the time the malware analysis begins and detect changes before the analysis.
Consists in collect details of file system, registry, open ports and network activity before malware analysis
Clear selection
Advanced Google search operators can be used for creating complex search queries. What does the next operator? Filetype:
1 point
This operator allows you to search your results based on its file extension.
Searches websites or pages that points to the specified website or page.
This operator restricts results to only those pages containing all query terms specified in the text on links to the page
Displays Google's old version of a web page instead of the current version of the web page.
This operator displays websites that are similar to the URL specified.
Clear selection
Which kind of Data Collection Methods are done with shared networks, commercial external feeds and sources, information systems, specific network built to lure and trap the adversaries?
1 point
Hybrid Data Collection
Active Data Collection
Passive Data Collection
Clear selection
Select what kind of threat intelligence source is: European Union Agency for Network and Information Security (ENISA)
1 point
Government and Law Enforcement Sources
Industry Association and Vertical Communities
Commercial Sources
Indicators of Compromise
Clear selection
Analysts can perform __________ to identify behavioural vulnerabilities in human resources of an organization like human nature of trust.
1 point
OSINT collection
network hacking
social engineering
SIGINT collection
Clear selection
What data can be collected from:
www.alexa.com
1 point
It downloads a website from the Internet to a local directory, building recursively all directories and getting HTML, images, and other files from the web server to another computer.
It is an anti-abuse API that helps analysts to know if the IP address, domain, or email of a user is blacklisted
Is an Internet Archive Wayback Machine that explores archived versions of websites.
Company's website traffic to collect valuable threat information that helps the analyst in collecing information about an organization's customer base fo social engineering attacks.
Clear selection
Analyst must ensure the __________ of data that is collected in order to achieve better threat intelligence.
1 point
reliability
structure
values
current
Clear selection
Imagery or social media are reliable sources of data for threat intelligence.
1 point
False
True
Clear selection
Website footprinting may provide the following information: (select 5)
1 point
Software used and its version
Filename, path, database field name, or query
Contact details and CMS details
IOCs
Operating system used and scripting platform
Sub-directories and parameters
Threat actors identification
Select a well ordered collection plan
1 point
Data collection - Structuring and Normalization - Storing and visualization - Sharing information
Data collection - Storing and visualization - Sharing information - Structuring and Normalization
Storing and visualization - Data collection - Sharing information - Structuring and Normalization
Sharing information - Storing and visualization - Data collection - Structuring and Normalization
Clear selection
Social enineering techniques. ____________ usually implies entry into a building or a security area with the consent of the authorized person. For example, the analyst would request an authorized person to unlock a security door, saying that they have forgotten their ID badge.
1 point
Reverse Social Engineering
Eavesdropping
Shoulder Surfing
Impersonation
Tailgating
Dumpster Diving
Piggybacking
Clear selection
What web browser is best suited for browsing dark net?
1 point
Surfwax
Opera
Mozilla Firefox
GNUnet
Clear selection
Which file will match the next yara rule?
1 point
a file that contains any of all
a file with the bytes "8D 4D B0 2B Cl 83 C0 27 99 6A 4E 59 F7 F9"
a file with the string "UVODFRYSIHLNWPEJXQZAKCBGMT"
a file with the bytes "6A 40 68 00 30 00 00 6A 14 8D 91"
a file that contains the three of all
Clear selection
Social enineering techniques. ____________ implies access to a building or a secured area without the consent of the authorized person. It is the act of following an authorized person through a secure entrance.
1 point
Tailgating
Piggybacking
Eavesdropping
Shoulder Surfing
Reverse Social Engineering
Impersonation
Dumpster Diving
Clear selection
Analysts need to concentrate on selecting intelligence sources that contain data that is (select 4)
1 point
different
accurate
timely
relevant
has maximun coverage
frecuent
Which kind of Data Collection Methods are done with external networks or information systems that are under the control of an adversary?
1 point
Passive Data Collection
Active Data Collection
Hybrid Data Collection
Clear selection
Submit
Page 1 of 1
Clear form
This content is neither created nor endorsed by Google. -
Terms of Service
-
Privacy Policy
Does this form look suspicious?
Report
Forms
Help and feedback
Contact form owner
Help Forms improve
Report
