Cyber Threat Intelligence
LetsDefend
At what stage is big data created in cyber threat intelligence?
A) Information Gathering
Which of the following is not among the questions that the organization should ask itself during the Planning and Direction phase?
A) Which EDR product is used in the organization?
Tom, the cyber security analyst in the SOC team, wants to collect data from the major intelligence sources for his organization. Tom wants to use decoy systems to detect potential attackers. Which intelligence source is Tom trying to bring in?
A) Honeypot
What type of intelligence is appropriate for a threat hunter in the organization?
A) Operational Cyber Threat Intelligence
What type of threat intelligence is appropriate for an employee working as an L1 analyst in the organization?
A) Technical Cyber Threat Intelligence
How many subdomains does “blueteam.training” have?
A) 0
What is the service of the page builder on letsdefend.io/blog/ ?
A) Webflow
Which of the following is not one of the subdomain discovery tools?
A) Httpx
Shodan can be used to detect IP blocks. (True or False)
A) True
What is the name of the data that identifies a threat, threat actor, malicious files, and plays an important role in threat intelligence?
A)ioc
What is the filter that allows us to search the name of an organization on Shodan?
A) org
Which of the following is not among the messaging applications that threat actors frequently use?
A) instagram DM
Practice question – Tom is a SOC analyst at “LetsDefend” organization. Tom received a notification stating that malware containing the name of his organization was uploaded to AnyRun. Find the IP address the malware is connecting to?
File MD5 Hash: f6517b0a49bb245e1983d77d2f5b2f98
A) 192.168.50.104
How many processes does the malware with the MD5 Hash value “f6517b0a49bb245e1983d77d2f5b2f98” create?
A) 2
What is the first data collected in threat intelligence called?
A) Big Data
What part of extended threat intelligence contains vulnerability management?
A)easm
If we receive an alarm from the threat intelligence product we use indicating that an IP address of our organization has been blacklisted. Which of the following actions would be incorrect to apply in this situation?
A) The IP address should be disabled.
Mike is a SOC analyst at LetsDefend. The organization received intelligence indicating that the “fac941eefc8571e51aef69289b5903c4” MD5 value of one of its systems was found in malicious data. Mike needs to isolate the device from the network. Can you help us, what is the hostname of this endpoint?
The user should go to the Endpoint Security page through the “Go There” option under the question, create a search, and find the hostname of the endpoint.
A)TempHost
Which network security tool should be integrated to the threat intelligence products in order to prevent malicious inbound traffic coming into our organization in the fastest way?
A) firewall
Which of the following cannot be integrated with threat intelligence?
A) Nmap