Exam (elaborations): CTI 2.

Course: CTI - 2024/2025
Institution: CTI - 2024/2025
Exam of 6 pages for the course CTI - at CTI - (CTI 2.)
Questions & answers, posted August 24, 2024 by seller CHichii
CTI 2
Q: What is the correct order of a digital forensic process? (a = step 1, b = step 2, c = step 3, d = step 4)
ANS: a. Acquisition, b. Identification, c. Evaluation, d. Presentation

Q: In comparison with traditional log management systems, the most important feature of SIEM is
ANS: adding context

Q: Which of the following can be useful summary statistics?
ANS: All of the above (the answer choices include number of blocked IPs, location of attacks and number of events)

Q: Which of the following better describes attack graphs?
ANS: Attack graphs identify and enumerate paths an adversary could take

Q: Which of the following phases is the defender's last chance to block the operation?
ANS: Command and Control

Q: Which of the following are TAXII roles?
ANS: Consumer, Producer

Q: A successful UGA login at 3AM from Terry BLC is an example of:
ANS: contextual anomaly

Q: What is the correct order of the data mining process? (a = step 1, b = step 2, c = step 3, d = step 4)
ANS: a. Data Warehouse, b. Data Pre-Processing, c. Pattern Discovery, d. Knowledge Generation

Q: If you plan to explain your classification-based CTI to higher-level executives, which of the following is the most suitable classifier?
ANS: Decision Tree

Q: What is the first and most important opportunity for defenders to block the operation?
ANS: Delivery

Q: Which of the following are examples of automated proactive defenses?
ANS:
- Deploying a firewall rule based on abnormal activity on a port
- Flagging specific emails as phishing based on their features
- Automatically blocking a user account based on abnormal activity

Q: What are the common courses of action in response to malicious activities?
ANS: Detect, Deny, Disrupt, Degrade, Deceive, Destroy

Q: Which of the following are examples of actionable intelligence?
ANS:
- Detecting devices exposed on Shodan
- Phishing emails being sent out
- Identifying spurious user login
- Malware targeting your systems in forums

Q: Which of the following CTI applications can benefit from classification?
ANS:
- Determining if an email is malicious or not
- Identifying a phishing website from a real one
- Identifying malicious vs benign network traffic
- Categorizing threat actors

Q: To pull/poll shared threat intelligence from HAIL A TAXII, what is the correct order of the following commands? (a = step 1, b = step 2, c = step 3)
ANS:
a. Discovery_client -host hailataxii.com -path /taxii-discovery-service -username guest -pass
b. Collection_information_client -host hailataxii.com -username guest -pass guest -path /taxii-data
c. Poll_client -host hailataxii.com -username guest -pass guest -path /taxii-data -collection guest.Abuse_ZeusTracker

Q: What malware analysis approaches have been used in "Dissecting OSX Fruitfly"?
ANS: Dynamic Analysis, Static Analysis

Q: The metric that measures the rate at which the IT infrastructure generates logs is abbreviated as
ANS: EPS

Q: Which of the following could be courses of action for the action phase?
ANS:
- Establish incident response playbook, including executive engagement and communications plan
- Detect data exfiltration, lateral movement, unauthorized credential usage
- Conduct damage assessment with subject matter experts
- Forensic agents pre-deployed to endpoints for rapid triage

Q: What is the correct order of the event correlation process? (a = step 1, b = step 2, c = step 3, d = step 4)
ANS:
a. Event filtering - discard events irrelevant to the event correlator
b. Event masking - ignore events pertaining to systems downstream of a failed system
c. Event aggregation - similar events are aggregated together and de-duplicated (if needed)
d. Root cause analysis - analyzes dependencies between events
