Brilliant 312-85 Exam Dumps Get 312-85 Dumps PDF [Q45-Q68]

Share

Brilliant 312-85 Exam Dumps Get 312-85 Dumps PDF

312-85 Dumps PDF - 312-85 Real Exam Questions Answers

NEW QUESTION # 45
Flora, a threat intelligence analyst at PanTech Cyber Solutions, is working on a threat intelligence program.
She is trying to collect the company's crucial information through online job sites.
Which of the following information will Flora obtain through job sites?

  • A. Top-level domains and subdomains of the company
  • B. Hardware and software information, network-related information, and technologies used by the company
  • C. Open ports and services

Answer: B

Explanation:
When attackers or analysts search job postings on online job portals, they often uncover technical details inadvertently shared by organizations.
Job listings frequently mention:
* Hardware and software used (e.g., "experience with Cisco firewalls, Windows Server 2019").
* Network details and tools (e.g., "knowledge of LAN/WAN, AWS, Azure").
* Security technologies (e.g., "SIEM tools like Splunk or QRadar").
This information can help analysts identify the technological footprint of the company, which is valuable during threat profiling or reconnaissance.
Why the Other Options Are Incorrect:
* B. Top-level domains and subdomains: Obtained through DNS enumeration tools, not job sites.
* C. Open ports and services: Found through active scanning tools like Nmap, not via job postings.
Conclusion:
Flora can obtain hardware, software, and network-related information from online job listings.
Final Answer: A. Hardware and software information, network-related information, and technologies used by the company Explanation Reference (Based on CTIA Study Concepts):
CTIA recognizes online job sites as OSINT sources that can reveal technical environment details about organizations.


NEW QUESTION # 46
Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular community?

  • A. Red
  • B. Green
  • C. Amber
  • D. White

Answer: B


NEW QUESTION # 47
In which of the following forms of bulk data collection are large amounts of data first collected from multiple sources in multiple formats and then processed to achieve threat intelligence?

  • A. Production form
  • B. Unstructured form
  • C. Structured form
  • D. Hybrid form

Answer: B

Explanation:
In the context of bulk data collection for threat intelligence, data is often initially collected in an unstructured form from multiple sources and in various formats. This unstructured data includes information from blogs, news articles, threat reports, social media, and other sources that do not follow a specific structure or format.
The subsequent processing of this data involves organizing, structuring, and analyzing it to extract actionable threat intelligence. This phase is crucial for turning vast amounts of disparate data into coherent, useful insights for cybersecurity purposes.References:
* "The Role of Unstructured Data in Cyber Threat Intelligence," by Jason Trost, Anomali
* "Turning Unstructured Data into Cyber Threat Intelligence," by Giorgio Mosca, IEEE Xplore


NEW QUESTION # 48
What is the correct sequence of steps involved in scheduling a threat intelligence program?
1. Review the project charter
2. Identify all deliverables
3. Identify the sequence of activities
4. Identify task dependencies
5. Develop the final schedule
6. Estimate duration of each activity
7. Identify and estimate resources for all activities
8. Define all activities
9. Build a work breakdown structure (WBS)

  • A. 1-->2-->3-->4-->5-->6-->9-->8-->7
  • B. 1-->9-->2-->8-->3-->7-->4-->6-->5
  • C. 3-->4-->5-->2-->1-->9-->8-->7-->6
  • D. 1-->2-->3-->4-->5-->6-->7-->8-->9

Answer: B

Explanation:
The correct sequence for scheduling a threat intelligence program involves starting with the foundational steps of defining the project scope and objectives, followed by detailed planning and scheduling of tasks. The sequence starts with reviewing the project charter (1) to understand the project's scope, objectives, and constraints. Next, building a Work Breakdown Structure (WBS) (9) helps in organizing the team's work into manageable sections. Identifying all deliverables (2) clarifies the project's outcomes. Defining all activities (8) involves listing the tasks required to produce the deliverables. Identifying the sequence of activities (3) and estimating resources (7) and task dependencies (4) sets the groundwork for scheduling. Estimating the duration of each activity (6) is critical before developing the final schedule (5), which combines all these elements into a comprehensive plan. This approach ensures a structured and methodical progression from project initiation to execution.
References:
"A Guide to the Project Management Body of Knowledge (PMBOK Guide)," Project Management Institute
"Cyber Intelligence-Driven Risk," by Intel471


NEW QUESTION # 49
A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?

  • A. Distributed Denial-of-Service (DDoS) attack
  • B. MAC spoofing attack
  • C. DHCP attacks
  • D. Bandwidth attack

Answer: A


NEW QUESTION # 50
A company, TechSoft Solutions, implemented a threat intelligence program and began developing operational capabilities obtained in the previous levels and created an organized team approach for strategic analysis. The company also established necessary intelligence processes and workflows to extract their own threat intelligence.
Identify the threat intelligence maturity level at which the company stands.

  • A. Level 1: Preparing for CTI
  • B. Level 4: Well-defined CTI program
  • C. Level 3: CTI program in place
  • D. Level 2: Increasing CTI capabilities

Answer: C

Explanation:
The description indicates that the organization has:
* Developed operational capabilities,
* Formed an organized team approach,
* Established defined processes and workflows,
* Begun producing its own intelligence.
These attributes align with Level 3: CTI Program in Place of the Threat Intelligence Maturity Model.
At this level, organizations have a structured and functioning Cyber Threat Intelligence (CTI) program that collects, analyzes, and produces intelligence internally, aligning with operational and strategic needs.
Why the Other Options Are Incorrect:
* Level 1: Preparing for CTI: Organization is only exploring CTI, with no established program.
* Level 2: Increasing CTI capabilities: Some capabilities are emerging but processes are not yet fully organized.
* Level 4: Well-defined CTI program: Represents the most advanced maturity, with automation, integration, and full optimization across all departments.
Conclusion:
TechSoft Solutions is at Level 3, where a CTI program is actively in place and producing internal threat intelligence.
Final Answer: D. Level 3: CTI program in place
Explanation Reference (Based on CTIA Study Concepts):
CTIA defines Level 3 as the stage where an organization has established operational CTI capabilities and formalized processes for producing and sharing intelligence.


NEW QUESTION # 51
Tim is working as an analyst in an ABC organization. His organization had been facing many challenges in converting the raw threat intelligence data into meaningful contextual information. After inspection, he found that it was due to noise obtained from misrepresentation of data from huge data collections. Hence, it is important to clean the data before performing data analysis using techniques such as data reduction. He needs to choose an appropriate threat intelligence framework that automatically performs data collection, filtering, and analysis for his organization.
Which of the following threat intelligence frameworks should he choose to perform such task?

  • A. TC complete
  • B. Threat grid
  • C. HighCharts
  • D. SIGVERIF

Answer: A


NEW QUESTION # 52
In a team of threat analysts, two individuals were competing over projecting their own hypotheses on a given malware. However, to find logical proofs to confirm their hypotheses, the threat intelligence manager used a de-biasing strategy that involves learning strategic decision making in the circumstances comprising multistep interactions with numerous representatives, either having or without any perfect relevant information.
Which of the following de-biasing strategies the threat intelligence manager used to confirm their hypotheses?

  • A. Cognitive psychology
  • B. Decision theory
  • C. Game theory
  • D. Machine learning

Answer: C

Explanation:
Game theory is a mathematical framework designed for understanding strategic situations where individuals' or groups' outcomes depend on their choices and the choices of others. In the context of threat intelligence analysis, game theory can be used as a de-biasing strategy to help understand and predict the actions of adversaries and defenders. By considering the various strategies and potential outcomes in a 'game' where each player's payoff is affected by the actions of others, analysts can overcome their biases and evaluate hypotheses more objectively. This approach is particularly useful in scenarios involving multiple actors with different goals and incomplete information.
References:
"Game Theory and Its Applications in Cybersecurity" in the International Journal of Computer Science and Information Security
"Applying Game Theory to Cybersecurity" by the SANS Institute


NEW QUESTION # 53
Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social security numbers, personally identifiable information (PII) of an employee, and credit card information. After obtaining confidential data, he further sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor.

  • A. Industrial spies
  • B. Insider threat
  • C. Organized hackers
  • D. State-sponsored hackers

Answer: C

Explanation:
Daniel's activities align with those typically associated with organized hackers. Organized hackers or cybercriminals work in groups with the primary goal of financial gain through illegal activities such as stealing and selling data. These groups often target large amounts of data, including personal and financial information, which they can monetize by selling on the black market or dark web. Unlike industrial spies who focuson corporate espionage or state-sponsored hackers who are backed by nation-states for political or military objectives, organized hackers are motivated by profit. Insider threats, on the other hand, come from within the organization and might not always be motivated by financial gain. The actions described in the scenario-targeting personal and financial information for sale-best fit the modus operandi of organized cybercriminal groups.References:
* ENISA (European Union Agency for Cybersecurity) Threat Landscape Report
* Verizon Data Breach Investigations Report


NEW QUESTION # 54
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

  • A. Convenience sampling
  • B. Normalization
  • C. Data visualization
  • D. Sandboxing

Answer: B

Explanation:
Normalization in the context of data analysis refers to the process of organizing data to reduce redundancy and improve efficiency in storing and sharing. By filtering, tagging, and queuing, Miley is effectively normalizing the data-converting it from various unstructured formats into a structured, more accessible format. This makes the data easier to analyze, store, and share. Normalization is crucial in cybersecurity and threat intelligence to manage the vast amounts of data collected and ensure that only relevant data is retained and analyzed. This technique contrasts with sandboxing, which is used for isolating and analyzing suspicious code; data visualization, which involves representing data graphically; and convenience sampling, which is a method of sampling where samples are taken from a group that is conveniently accessible.
References:
"The Application of Data Normalization to Database Security," International Journal of Computer Science Issues SANS Institute Reading Room, "Data Normalization Considerations in Cyber Threat Intelligence"


NEW QUESTION # 55
An attacker instructs bots to use camouflage mechanism to hide his phishing and malware delivery locations in the rapidly changing network of compromised bots. In this particular technique, a single domain name consists of multiple IP addresses.
Which of the following technique is used by the attacker?

  • A. Dynamic DNS
  • B. Fast-Flux DNS
  • C. DNS interrogation
  • D. DNS zone transfer

Answer: B

Explanation:
Fast-Flux DNS is a technique used by attackers to hide phishing and malware distribution sites behind an ever-changing network of compromised hosts acting as proxies. It involves rapidly changing the association of domain names with multiple IP addresses, making the detection and shutdown of malicious sites more difficult. This technique contrasts with DNS zone transfers, which involve the replication of DNS data across DNS servers, or Dynamic DNS, which typically involves the automatic updating of DNS records for dynamic IP addresses, but not necessarily for malicious purposes. DNS interrogation involves querying DNS servers to retrieve information about domain names, but it does not involve hiding malicious content. Fast-Flux DNS specifically refers to the rapid changes in DNS records to obfuscate the source of the malicious activity, aligning with the scenario described.References:
* SANS Institute InfoSec Reading Room
* ICANN (Internet Corporation for Assigned Names and Numbers) Security and Stability Advisory Committee


NEW QUESTION # 56
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy.
She uses filtering, tagging, and queuing technique to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

  • A. Convenience sampling
  • B. Normalization
  • C. Data visualization
  • D. Sandboxing

Answer: B

Explanation:
Normalization in the context of data analysis refers to the process of organizing data to reduce redundancy and improve efficiency in storing and sharing. By filtering, tagging, and queuing, Miley is effectively normalizing the data-converting it from various unstructured formats into a structured, more accessible format. This makes the data easierto analyze, store, and share. Normalization is crucial in cybersecurity and threat intelligence to manage the vast amounts of data collected and ensure that only relevant data is retained and analyzed. This technique contrasts with sandboxing, which is used for isolating and analyzing suspicious code; data visualization, which involves representing data graphically; and convenience sampling, which is a method of sampling where samples are taken from a group that is conveniently accessible.References:
* "The Application of Data Normalization to Database Security," International Journal of Computer Science Issues
* SANS Institute Reading Room, "Data Normalization Considerations in Cyber Threat Intelligence"


NEW QUESTION # 57
While monitoring network activities, an unusual surge in outbound traffic was noticed, and a potential security incident was suspected. In the context of incident responses, what is the initial stage at which you actively recognize and confirm the presence of an incident?

  • A. Containment
  • B. Recovery
  • C. Identification
  • D. Eradication

Answer: C

Explanation:
In the incident response process, the Identification phase is the first active stage where analysts and responders detect and confirm that a security incident has occurred or is in progress.
When an unusual surge in outbound traffic is observed, analysts start investigating alerts, logs, and events to determine whether the activity indicates a genuine security incident. This process includes correlating data, analyzing patterns, and confirming abnormal or malicious behavior. Once confirmed, the situation moves officially from an event to an incident.
Key Objectives of the Identification Phase:
* Detect potential security events through monitoring and alerts.
* Analyze anomalies to verify if an incident truly exists.
* Classify and prioritize the incident based on severity and impact.
* Document findings for escalation to containment and eradication stages.
Why the Other Options Are Incorrect:
* B. Recovery:This is a later phase where systems are restored to normal operations after an incident has been resolved. It occurs after containment and eradication.
* C. Containment:This phase involves isolating affected systems to prevent the spread or escalation of the incident. It happens after identification.
* D. Eradication:This phase focuses on removing the root cause of the incident (e.g., deleting malware, closing vulnerabilities) and also occurs after containment.
Conclusion:
The initial stage where the presence of a security incident is recognized and confirmed is the Identification phase.
Final Answer: A. Identification
Explanation Reference (Based on CTIA Study Concepts):
According to the CTIA study materials under the section "Incident Response Integration and Threat Intelligence," the Identification phase is where organizations detect and verify anomalies, confirming whether a security incident has occurred before proceeding to containment and recovery.


NEW QUESTION # 58
Moses, a threat intelligence analyst at InfoTec Inc., wants to find crucial information about the potential threats the organization is facing by using advanced Google search operators. He wants to identify whether any fake websites are hosted at the similar to the organization's URL.
Which of the following Google search queries should Moses use?

  • A. related: www.infothech.org
  • B. link: www.infothech.org
  • C. cache: www.infothech.org
  • D. info: www.infothech.org

Answer: A

Explanation:
The "related:" Google search operator is used to find websites that are similar or related to a specified URL.
In the context provided, Moses wants to identify fake websites that may be posing as or are similar to his organization's official site. By using the "related:" operator followed by his organization's URL, Google will return a list of websites that Google considers to be similar to the specified site. This can help Moses identify potential impersonating websites that could be used for phishing or other malicious activities. The "info:",
"link:", and "cache:" operators serve different purposes; "info:" provides information about the specified webpage, "link:" used to be used to find pages linking to a specific URL (but is now deprecated), and "cache:" shows the cached version of the specified webpage.
References:
Google Search Operators Guide by Moz
Google Advanced Search Help Documentation


NEW QUESTION # 59
Jame, a professional hacker, is trying to hack the confidential information of a target organization. He identified the vulnerabilities in the target system and created a tailored deliverable malicious payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of cyber kill chain methodology is Jame executing?

  • A. Reconnaissance
  • B. Exploitation
  • C. Installation
  • D. Weaponization

Answer: D

Explanation:
In the cyber kill chain methodology, the phase where Jame is creating a tailored malicious deliverable that includes an exploit and a backdoor is known as 'Weaponization'. During this phase, the attacker prepares by coupling a payload, such as a virus or worm, with an exploit into a deliverable format, intending to compromise the target's system. This step follows the initial 'Reconnaissance' phase, where the attacker gathers information on the target, and precedes the 'Delivery' phase, where the weaponized bundle is transmitted to the target. Weaponization involves the preparation of the malware to exploit the identified vulnerabilities in the target system.References:
* Lockheed Martin's Cyber Kill Chain framework
* "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains," leading to the development of the Cyber Kill Chain framework


NEW QUESTION # 60
ABC is a well-established cyber-security company in the United States. The organization implemented the automation of tasks such as data enrichment and indicator aggregation. They also joined various communities to increase their knowledge about the emerging threats. However, the security teams can only detect and prevent identified threats in a reactive approach.
Based on threat intelligence maturity model, identify the level of ABC to know the stage at which the organization stands with its security and vulnerabilities.

  • A. Level 3: CTI program in place
  • B. Level 1: preparing for CTI
  • C. Level 2: increasing CTI capabilities
  • D. Level 0: vague where to start

Answer: C


NEW QUESTION # 61
Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between two organizations depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?

  • A. Direct historical trust
  • B. Mandated trust
  • C. Validated trust
  • D. Mediated trust

Answer: C

Explanation:
In the trust model described, where trust between two organizations depends on the degree and quality of evidence provided by the first organization, the model in use is 'Validated Trust.' This model relies on the validation of evidence or credentials presented by one party to another to establish trust. The validation process assesses the credibility, reliability, and relevance of the information shared, forming the basis of the trust relationship between the sharing partners. This approach is common in threat intelligence sharing where the accuracy and reliability of shared information are critical.
References:
"Building a Cybersecurity Culture," ISACA
"Trust Models in Information Security," Journal of Internet Services and Applications


NEW QUESTION # 62
Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs.

  • A. Alison should use https://archive.org to extract the required website information.
  • B. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.
  • C. Alison should use SmartWhois to extract the required website information.
  • D. Alison should run the Web Data Extractor tool to extract the required website information.

Answer: A

Explanation:
To retrieve historical information about a company's website, including content that may have been removed or altered, Alison should use the Internet Archive's Wayback Machine, accessible at https://archive.org. The Wayback Machine is a digital archive of the World Wide Web and other information on the Internet, providing free access to snapshots of websites at various points in time. This tool is invaluable for researchers and analysts looking to understand the evolution of a website or recover lost information.
References:
"Using the Wayback Machine for Cybersecurity Research," Internet Archive Blogs
"Digital Forensics with the Archive's Wayback Machine," by Jeff Kaplan, Internet Archive


NEW QUESTION # 63
Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence. Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom.
What stage of ACH is Bob currently in?

  • A. Inconsistency
  • B. Evidence
  • C. Diagnostics
  • D. Refinement

Answer: C


NEW QUESTION # 64
Marry wants to follow an iterative and incremental approach to prioritize requirements in order to protect the important assets of an organization against attacks. She wants to set the requirements based on the order of priority, where the most important requirement must be met first for a greater chance of success. She wants to apply prioritization tasks, scenarios, use cases, tests, and so on.
Which of the following methodologies should Marry use to prioritize the requirements?

  • A. MoSCoW
  • B. Data sampling
  • C. Data visualization
  • D. Fusion analysis

Answer: A

Explanation:
The methodology described-iterative and incremental prioritization of requirements based on importance-perfectly aligns with the MoSCoW method.
MoSCoW stands for:
* M - Must have (critical requirements that are mandatory),
* S - Should have (important but not essential),
* C - Could have (desirable but optional),
* W - Won't have (this time) (deferred or out of scope).
It is widely used in security, risk management, and software development to determine the priority of tasks or requirements that should be implemented first.
By applying MoSCoW, Marry ensures that critical security requirements (such as protecting core assets) are addressed first before moving on to less critical ones.
Why the Other Options Are Incorrect:
* A. Data sampling: Refers to statistical analysis methods, not prioritization.
* C. Data visualization: Used to represent data graphically, not for setting priorities.
* D. Fusion analysis: Used to integrate multiple data sources for intelligence analysis, not requirement prioritization.
Conclusion:
Marry should use the MoSCoW prioritization methodology to structure and prioritize her organization's security requirements.
Final Answer: B. MoSCoW
Explanation Reference (Based on CTIA Study Concepts):
In CTIA's requirement prioritization and planning stages, MoSCoW is used to assign importance levels to intelligence and security requirements for efficient implementation.


NEW QUESTION # 65
Tracy works as a CISO in a large multinational company. She consumes threat intelligence to understand the changing trends of cyber security. She requires intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, improvement of processes, and staff. The intelligence helps her in minimizing business risks and protecting the new technology and business initiatives.
Identify the type of threat intelligence consumer is Tracy.

  • A. Tactical users
  • B. Strategic users
  • C. Technical users
  • D. Operational users

Answer: B


NEW QUESTION # 66
In which of the following storage architecture is the data stored in a localized system, server, or storage hardware and capable of storing a limited amount of data in its database and locally available for data usage?

  • A. Cloud storage
  • B. Object-based storage
  • C. Distributed storage
  • D. Centralized storage

Answer: D


NEW QUESTION # 67
Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs.

  • A. Alison should use https://archive.org to extract the required website information.
  • B. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.
  • C. Alison should use SmartWhois to extract the required website information.
  • D. Alison should run the Web Data Extractor tool to extract the required website information.

Answer: A

Explanation:
To retrieve historical information about a company's website, including content that may have been removed or altered, Alison should use the Internet Archive's Wayback Machine, accessible athttps://archive.org. The Wayback Machine is a digital archive of the World Wide Web and other information on the Internet, providing free access to snapshots of websites at various points in time. This tool is invaluable for researchers and analysts looking to understand the evolution of a website or recover lost information.References:
* "Using the Wayback Machine for Cybersecurity Research," Internet Archive Blogs
* "Digital Forensics with the Archive's Wayback Machine," by Jeff Kaplan, Internet Archive


NEW QUESTION # 68
......

Valid 312-85 Test Answers & ECCouncil 312-85 Exam PDF: https://www.fast2test.com/312-85-premium-file.html

Realistic 312-85 Exam Dumps with Accurate & Updated Questions: https://drive.google.com/open?id=1fyeKXM1GD-J0hnrho1V9IU20TXwMfwHI

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어