Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He
performs hacking to obtain confidential data such as social security numbers, personally identifiable
information (PII) of an employee, and credit card information. After obtaining confidential data, he
further sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor.
An attacker instructs bots to use camouflage mechanism to hide his phishing and malware delivery
locations in the rapidly changing network of compromised bots. In this particular technique, a single
domain name consists of multiple IP addresses.
Which of the following technique is used by the attacker?
Kathy wants to ensure that she shares threat intelligence containing sensitive information with the
appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular
Moses, a threat intelligence analyst at InfoTec Inc., wants to find crucial information about the
potential threats the organization is facing by using advanced Google search operators. He wants to
identify whether any fake websites are hosted at the similar to the organizations URL.
Which of the following Google search queries should Moses use?
A team of threat intelligence analysts is performing threat analysis on malware, and each of them
has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic
processes must threat intelligence manager use?
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing
process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and
structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?
Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence
to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?
Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-
threat intelligence analysis. After obtaining information regarding threats, he has started analyzing
the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?
Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis.
While performing data collection process, he used a counterintelligence mechanism where a
recursive DNS server is employed to perform interserver DNS communication and when a request is
generated from any name server to the recursive DNS server, the recursive DNS servers log the
responses that are received. Then it replicates the logged data and stores the data in the central
database. Using these logs, he analyzed the malicious attempts that took place over DNS
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data
John, a professional hacker, is trying to perform APT attack on the target organization network. He
gains access to a single system of a target organization and tries to obtain administrative login
credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?