
312-85 Exam Questions - Online Test


Master the 312-85 Certified Threat Intelligence Analyst content and be ready for exam day success quickly with this Actualtests 312-85 free download. We guarantee it! We make it a reality and give you real 312-85 questions in our EC-Council 312-85 braindumps. Latest 100% VALID EC-Council 312-85 Exam Questions Dumps on the page below. You can use our EC-Council 312-85 braindumps and pass your exam.

EC-Council 312-85 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
An attacker instructs bots to use a camouflage mechanism to hide his phishing and malware delivery locations in a rapidly changing network of compromised bots. In this particular technique, a single domain name is associated with multiple IP addresses.
Which of the following techniques is used by the attacker?

  • A. DNS zone transfer
  • B. Dynamic DNS
  • C. DNS interrogation
  • D. Fast-Flux DNS

Answer: D

NEW QUESTION 2
John, a professional hacker, is trying to perform an APT attack on the target organization's network. He gains access to a single system of the target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?

  • A. Initial intrusion
  • B. Search and exfiltration
  • C. Expansion
  • D. Persistence

Answer: C

NEW QUESTION 3
Cybersol Technologies initiated a cyber-threat intelligence program with a team of threat intelligence analysts.
During the process, the analysts started converting the raw data into useful information by applying various techniques, such as machine-based techniques and statistical methods.
In which of the following phases of the threat intelligence lifecycle is the threat intelligence team currently working?

  • A. Dissemination and integration
  • B. Planning and direction
  • C. Processing and exploitation
  • D. Analysis and production

Answer: A

NEW QUESTION 4
H&P, Inc. is a small-scale organization that has decided to outsource its network security monitoring due to a lack of resources in the organization. They are looking for options where they can directly incorporate threat intelligence into their existing network defense solutions.
Which of the following is the most cost-effective method the organization can employ?

  • A. Recruit the right talent
  • B. Look for an individual within the organization
  • C. Recruit data management solution provider
  • D. Recruit managed security service providers (MSSP)

Answer: D

NEW QUESTION 5
Moses, a threat intelligence analyst at InfoTec Inc., wants to find crucial information about the potential threats the organization is facing by using advanced Google search operators. He wants to identify whether any fake websites are hosted at URLs similar to the organization's URL.
Which of the following Google search queries should Moses use?

  • A. related: www.infothech.org
  • B. info: www.infothech.org
  • C. link: www.infothech.org
  • D. cache: www.infothech.org

Answer: A

NEW QUESTION 6
Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources against various threats. The information shared by Alice was highly technical and included threat actor TTPs, malware campaigns, tools used by threat actors, and so on.
Which of the following types of threat intelligence was shared by Alice?

  • A. Strategic threat intelligence
  • B. Tactical threat intelligence
  • C. Technical threat intelligence
  • D. Operational threat intelligence

Answer: C

NEW QUESTION 7
In which of the following attacks does the attacker exploit vulnerabilities in a computer application before the software developer can release a patch for them?

  • A. Active online attack
  • B. Zero-day attack
  • C. Distributed network attack
  • D. Advanced persistent attack

Answer: B

NEW QUESTION 8
An analyst is conducting threat intelligence analysis in a client organization, and during the information gathering process, he gathered information from publicly available sources and analyzed it to obtain a rich, useful form of intelligence. The information source that he used is primarily used for national security, law enforcement, and for collecting intelligence required for business or strategic decision making.
Which of the following sources of intelligence did the analyst use to collect information?

  • A. OPSEC
  • B. ISAC
  • C. OSINT
  • D. SIGINT

Answer: C

NEW QUESTION 9
Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social security numbers, personally identifiable information (PII) of an employee, and credit card information. After obtaining confidential data, he further sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor?

  • A. Industrial spies
  • B. State-sponsored hackers
  • C. Insider threat
  • D. Organized hackers

Answer: D

NEW QUESTION 10
SecurityTech Inc. is developing a TI plan where it can derive more advantages with fewer funds. In the process of selecting a TI platform, it wants to incorporate a feature that ranks elements such as intelligence sources, threat actors, attacks, and digital assets of the organization, so that it can put more funds toward the resources that are critical for the organization's security.
Which of the following key features should SecurityTech Inc. consider in their TI plan for selecting the TI platform?

  • A. Search
  • B. Open
  • C. Workflow
  • D. Scoring

Answer: D

NEW QUESTION 11
In which of the following forms of bulk data collection are large amounts of data first collected from multiple sources in multiple formats and then processed to achieve threat intelligence?

  • A. Structured form
  • B. Hybrid form
  • C. Production form
  • D. Unstructured form

Answer: D

NEW QUESTION 12
Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header:

  • Connection status and content type
  • Accept-ranges and last-modified information
  • X-powered-by information
  • Web server in use and its version

Which of the following tools should Tyrion use to view header content?

  • A. Hydra
  • B. AutoShun
  • C. Vanguard enforcer
  • D. Burp suite

Answer: D

NEW QUESTION 13
In which of the following storage architectures is the data stored in a localized system, server, or storage hardware that is capable of storing a limited amount of data in its database and is locally available for data usage?

  • A. Distributed storage
  • B. Object-based storage
  • C. Centralized storage
  • D. Cloud storage

Answer: B

NEW QUESTION 14
In a team of threat analysts, two individuals were competing over projecting their own hypotheses on a given malware. However, to find logical proofs to confirm their hypotheses, the threat intelligence manager used a de-biasing strategy that involves learning strategic decision making in circumstances comprising multistep interactions with numerous representatives, with or without perfect relevant information.
Which of the following de-biasing strategies did the threat intelligence manager use to confirm their hypotheses?

  • A. Game theory
  • B. Machine learning
  • C. Decision theory
  • D. Cognitive psychology

Answer: C

NEW QUESTION 15
Enrage Tech Company hired Enrique, a security analyst, to perform threat intelligence analysis. While performing the data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication, and when a request is generated from any name server to the recursive DNS server, the recursive DNS server logs the responses that are received. It then replicates the logged data and stores the data in a central database. Using these logs, he analyzed the malicious attempts that took place over the DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering techniques has Enrique used for data collection?

  • A. Data collection through passive DNS monitoring
  • B. Data collection through DNS interrogation
  • C. Data collection through DNS zone transfer
  • D. Data collection through dynamic DNS (DDNS)

Answer: B
