Question 6 of 49

Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing techniques to sort out the relevant and structured data from the large amounts of unstructured data.

Which of the following techniques was employed by Miley?

    Correct Answer: B

    Normalization is the process used to organize data to reduce redundancy and improve data integrity. By filtering, tagging, and queuing data, Miley is effectively structuring the data to make it easier to store and share, which aligns with the goals of data normalization.

Question 7 of 49

Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Team present within the organization.

Which of the following are the needs of a Red Team?

    Correct Answer: B

    The needs of a Red Team typically include intelligence on the latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs). This information is crucial for simulating realistic cyber attacks to test and improve an organization's defenses. Understanding current vulnerabilities and the methods used by threat actors allows the Red Team to accurately assess and enhance the security posture of the organization.

Question 8 of 49

Michael, a threat analyst who works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.

What stage of the cyber-threat intelligence is Michael currently in?

    Correct Answer: D

    The stage Michael is currently in is 'Known knowns.' He has already gathered the information regarding the threats and is now analyzing and understanding the nature of those threats. In the context of cyber-threat intelligence, 'Known knowns' refers to threats that are identified and well understood.

Question 9 of 49

Enrage Tech Company hired Enrique, a security analyst, to perform threat intelligence analysis. While performing the data collection process, he used a counterintelligence mechanism in which a recursive DNS server is employed to perform interserver DNS communication; when a request is generated from any name server to the recursive DNS server, the recursive DNS server logs the responses that are received. It then replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over the DNS infrastructure.

Which of the following cyber counterintelligence (CCI) gathering techniques has Enrique used for data collection?

    Correct Answer: A

    The technique described involves a recursive DNS server logging responses from name server requests and storing this data in a central database for analysis. This method aligns with passive DNS monitoring, which uses such logs to analyze DNS communications for malicious activity. Therefore, data collection through passive DNS monitoring is the correct answer.

Question 10 of 49

John, a professional hacker, is trying to perform an APT attack on the target organization's network. He gains access to a single system of the target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.

What phase of the advanced persistent threat lifecycle is John currently in?

    Correct Answer: C

    John is currently in the expansion phase of the advanced persistent threat lifecycle. This phase involves gaining further access to other systems in the network after obtaining initial access. By attempting to obtain administrative login credentials, John is trying to move laterally within the network, which is characteristic of this phase.