Questions for the 312-85 were updated on : Jul 20 ,2024
Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He
performs hacking to obtain confidential data such as social security numbers, personally identifiable
information (PII) of an employee, and credit card information. After obtaining confidential data, he
further sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor.
D
An attacker instructs bots to use camouflage mechanism to hide his phishing and malware delivery
locations in the rapidly changing network of compromised bots. In this particular technique, a single
domain name consists of multiple IP addresses.
Which of the following technique is used by the attacker?
D
Kathy wants to ensure that she shares threat intelligence containing sensitive information with the
appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular
community?
D
Moses, a threat intelligence analyst at InfoTec Inc., wants to find crucial information about the
potential threats the organization is facing by using advanced Google search operators. He wants to
identify whether any fake websites are hosted at the similar to the organizations URL.
Which of the following Google search queries should Moses use?
A
A team of threat intelligence analysts is performing threat analysis on malware, and each of them
has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic
processes must threat intelligence manager use?
C
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing
process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and
structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?
B
Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence
to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?
B
Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-
threat intelligence analysis. After obtaining information regarding threats, he has started analyzing
the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?
C
Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis.
While performing data collection process, he used a counterintelligence mechanism where a
recursive DNS server is employed to perform interserver DNS communication and when a request is
generated from any name server to the recursive DNS server, the recursive DNS servers log the
responses that are received. Then it replicates the logged data and stores the data in the central
database. Using these logs, he analyzed the malicious attempts that took place over DNS
infrastructure.
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data
collection?
B
John, a professional hacker, is trying to perform APT attack on the target organization network. He
gains access to a single system of a target organization and tries to obtain administrative login
credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?
C
Jim works as a security analyst in a large multinational company. Recently, a group of hackers
penetrated into their organizational network and used a data staging technique to collect sensitive
dat
a. They collected all sorts of sensitive data about the employees and customers, business tactics of
the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?
C
Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a
threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to
establish trust between sharing partners. In the trust model used by him, the first organization makes
use of a body of evidence in a second organization, and the level of trust between two organizations
depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?
D
A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a
connection request from a remote host to the server. From this data, he obtains only the IP address
of the source and destination but no contextual information. While processing this data, he obtains
contextual information stating that multiple connection requests from different geo-locations are
received by the server within a short time span, and as a result, the server is stressed and gradually
its performance has reduced. He further performed analysis on the information based on the past
and present experience and concludes the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?
C
Jame, a professional hacker, is trying to hack the confidential information of a target organization. He
identified the vulnerabilities in the target system and created a tailored deliverable malicious
payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of cyber kill chain methodology is Jame executing?
C
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find
any evidence of compromise. During the network monitoring, he came to know that there are
multiple logins from different locations in a short time span. Moreover, he also observed certain
irregular log in patterns from locations where the organization does not have business relations. This
resembles that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?
C