Eccouncil 312-85 Exam Questions Instant Access

Question 1

Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages:

Stage 1: Build asset-based threat profiles

Stage 2: Identify infrastructure vulnerabilities

Stage 3: Develop security strategy and plans

Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

ATRIKE

BVAST

COCTAVE

DDREAD

Answer : C

The threat modeling methodology employed by Lizzy, which involves building asset-based threat profiles, identifying infrastructure vulnerabilities, and developing security strategies and plans, aligns with the OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) methodology. OCTAVE focuses on organizational risk and security practices, emphasizing self-directed risk assessments to identify and prioritize threats to organizational assets and develop appropriate security strategies and plans. This methodology is asset-driven and revolves around understanding critical assets, identifying threats to those assets, and assessing vulnerabilities, leading to the development of a comprehensive security strategy. Reference:

The CERT Guide to System and Network Security Practices by Julia H. Allen

'OCTAVE Method Implementation Guide Version 2.0,' Carnegie Mellon University, Software Engineering Institute

Question 2

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).

Which TLP color would you signify that information should be shared only within a particular community?

ARed

BWhite

CGreen

DAmber

Answer : D

In the Traffic Light Protocol (TLP), the color amber signifies that the information should be limited to those who have a need-to-know within the specified community or organization, and not further disseminated without permission. TLP Red indicates information that should not be disclosed outside of the originating organization. TLP Green indicates information that is limited to the community but can be disseminated within the community without restriction. TLP White, or TLP Clear, indicates information that can be shared freely with no restrictions. Therefore, for information meant to be shared within a particular community with some restrictions on further dissemination, TLP Amber is the appropriate designation. Reference:

FIRST (Forum of Incident Response and Security Teams) Traffic Light Protocol (TLP) Guidelines

CISA (Cybersecurity and Infrastructure Security Agency) TLP Guidelines

Question 3

Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header.

Connection status and content type

Accept-ranges and last-modified information

X-powered-by information

Web server in use and its version

Which of the following tools should the Tyrion use to view header content?

AHydra

BAutoShun

CVanguard enforcer

DBurp suite

Answer : D

Burp Suite is a comprehensive tool used for web application security testing, which includes functionality for viewing and manipulating the HTTP/HTTPS headers of web page requests and responses. This makes it an ideal tool for someone like Tyrion, who is looking to perform website footprinting to gather information hidden in the web page header, such as connection status, content type, server information, and other metadata that can reveal details about the web server and its configuration. Burp Suite allows users to intercept, analyze, and modify traffic between the browser and the web server, which is crucial for uncovering such hidden information. Reference:

'Burp Suite Essentials' by Akash Mahajan

Official Burp Suite Documentation

Question 4

An organization suffered many major attacks and lost critical information, such as employee records, and financial information. Therefore, the management decides to hire a threat analyst to extract the strategic threat intelligence that provides high-level information regarding current cyber-security posture, threats, details on the financial impact of various cyber-activities, and so on.

Which of the following sources will help the analyst to collect the required intelligence?

AActive campaigns, attacks on other organizations, data feeds from external third parties

BOSINT, CTI vendors, ISAO/ISACs

CCampaign reports, malware, incident reports, attack group reports, human intelligence

DHuman, social media, chat rooms

Answer : B

For gathering strategic threat intelligence that provides a high-level overview of the current cybersecurity posture, potential financial impacts of cyber activities, and overarching threats, sources such as Open Source Intelligence (OSINT), Cyber Threat Intelligence (CTI) vendors, and Information Sharing and Analysis Organizations (ISAOs)/Information Sharing and Analysis Centers (ISACs) are invaluable. OSINT involves collecting data from publicly available sources, CTI vendors specialize in providing detailed threat intelligence services, and ISAOs/ISACs facilitate the sharing of threat data within specific industries or communities. These sources can provide broad insights into threat landscapes, helping organizations understand how to align their cybersecurity strategies with current trends and threats. Reference:

'Cyber Threat Intelligence: Sources and Methods,' by Max Kilger, Ph.D., SANS Institute Reading Room

'Open Source Intelligence (OSINT): An Introduction to the Basic Concepts and the Potential Benefits for Information Security,' by Kevin Cardwell, IEEE Xplore

Question 5

Which of the following types of threat attribution deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target?

ANation-state attribution

BTrue attribution

CCampaign attribution

DIntrusion-set attribution

Answer : B

True attribution in the context of cyber threats involves identifying the actual individual, group, or nation-state behind an attack or intrusion. This type of attribution goes beyond associating an attack with certain tactics, techniques, and procedures (TTPs) or a known group and aims to pinpoint the real-world entity responsible. True attribution is challenging due to the anonymity of the internet and the use of obfuscation techniques by attackers, but it is crucial for understanding the motive behind an attack and for forming appropriate responses at diplomatic, law enforcement, or cybersecurity levels. Reference:

'Attribution of Cyber Attacks: A Framework for an Evidence-Based Analysis' by Jason Healey

'The Challenges of Attribution in Cyberspace' in the Journal of Cyber Policy

Question 6

SecurityTech Inc. is developing a TI plan where it can drive more advantages in less funds. In the process of selecting a TI platform, it wants to incorporate a feature that ranks elements such as intelligence sources, threat actors, attacks, and digital assets of the organization, so that it can put in more funds toward the resources which are critical for the organization's security.

Which of the following key features should SecurityTech Inc. consider in their TI plan for selecting the TI platform?

ASearch

BOpen

CWorkflow

DScoring

Answer : D

Incorporating a scoring feature in a Threat Intelligence (TI) platform allows SecurityTech Inc. to evaluate and prioritize intelligence sources, threat actors, specific types of attacks, and the organization's digital assets based on their relevance and threat level to the organization. This prioritization helps in allocating resources more effectively, focusing on protecting critical assets and countering the most significant threats. A scoring system can be based on various criteria such as the severity of threats, the value of assets, the reliability of intelligence sources, and the potential impact of threat actors or attack vectors. By quantifying these elements, SecurityTech Inc. can make informed decisions on where to invest its limited funds to enhance its security posture most effectively. Reference:

'Designing and Building a Cyber Threat Intelligence Capability' by the SANS Institute

'Threat Intelligence: What It Is, and How to Use It Effectively' by Gartner

Question 7

An analyst is conducting threat intelligence analysis in a client organization, and during the information gathering process, he gathered information from the publicly available sources and analyzed to obtain a rich useful form of intelligence. The information source that he used is primarily used for national security, law enforcement, and for collecting intelligence required for business or strategic decision making.

Which of the following sources of intelligence did the analyst use to collect information?

AOPSEC

BISAC

COSINT

DSIGINT

Answer : C

The analyst used Open Source Intelligence (OSINT) to gather information from publicly available sources. OSINT involves collecting and analyzing information from publicly accessible sources to produce actionable intelligence. This can include media reports, public government data, professional and academic publications, and information available on the internet. OSINT is widely used for national security, law enforcement, and business intelligence purposes, providing a rich source of information for making informed decisions and understanding the threat landscape. Reference:

'Open Source Intelligence (OSINT) Tools and Techniques,' by SANS Institute

'The Role of OSINT in Cybersecurity and Threat Intelligence,' by Recorded Future

Eccouncil Certified Threat Intelligence Analyst 312-85 Exam Questions