Cyber ​​Threat Intelligence

Cyber ​​Threat Intelligence


LetsDefend

At what stage is big data created in cyber threat intelligence?

A) Information Gathering

Which of the following is not among the questions that the organization should ask itself during the Planning and Direction phase?

A) Which EDR product is used in the organization?

Tom, the cyber security analyst in the SOC team, wants to collect data from the major intelligence sources for his organization. Tom wants to use decoy systems to detect potential attackers. Which intelligence source is Tom trying to bring in?

A) Honeypot

What type of intelligence is appropriate for a threat hunter in the organization?

A) Operational Cyber Threat Intelligence

What type of threat intelligence is appropriate for an employee working as an L1 analyst in the organization?

A) Technical Cyber Threat Intelligence

How many subdomains does “blueteam.training” have?

A) 0

What is the service of the page builder on letsdefend.io/blog/ ?

A) Webflow

Which of the following is not one of the subdomain discovery tools?

A) Httpx

Shodan can be used to detect IP blocks. (True or False)

A) True

What is the name of the data that identifies a threat, threat actor, malicious files, and plays an important role in threat intelligence?

A)ioc

What is the filter that allows us to search the name of an organization on Shodan?

A) org

Which of the following is not among the messaging applications that threat actors frequently use?

A) instagram DM

Practice question – Tom is a SOC analyst at “LetsDefend” organization. Tom received a notification stating that malware containing the name of his organization was uploaded to AnyRun. Find the IP address the malware is connecting to?

File MD5 Hash: f6517b0a49bb245e1983d77d2f5b2f98

A) 192.168.50.104

How many processes does the malware with the MD5 Hash value “f6517b0a49bb245e1983d77d2f5b2f98” create?

A) 2

What is the first data collected in threat intelligence called?

A) Big Data

What part of extended threat intelligence contains vulnerability management?

A)easm

If we receive an alarm from the threat intelligence product we use indicating that an IP address of our organization has been blacklisted. Which of the following actions would be incorrect to apply in this situation?

A) The IP address should be disabled.

Mike is a SOC analyst at LetsDefend. The organization received intelligence indicating that the “fac941eefc8571e51aef69289b5903c4” MD5 value of one of its systems was found in malicious data. Mike needs to isolate the device from the network. Can you help us, what is the hostname of this endpoint?

The user should go to the Endpoint Security page through the “Go There” option under the question, create a search, and find the hostname of the endpoint.

A)TempHost

Which network security tool should be integrated to the threat intelligence products in order to prevent malicious inbound traffic coming into our organization in the fastest way?

A) firewall

Which of the following cannot be integrated with threat intelligence?

A) Nmap

© 2026 Cu3rv0x