
ECCouncil 312-85 (Certified Threat Intelligence Analyst) practice questions with answers and explanations
The ECCouncil 312-85 (Certified Threat Intelligence Analyst) certification exam is aimed at professionals who want to advance their careers in the cybersecurity industry. The Certified Threat Intelligence Analyst certification is recognized globally and valued by employers. It demonstrates the candidate's expertise in threat intelligence analysis and program development, making them a valuable asset to any organization seeking to improve its cybersecurity posture.
NEW QUESTION # 41
Michael, a threat analyst at an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he started analyzing the information and understanding the nature of the threats.
What stage of cyber-threat intelligence is Michael currently in?
- A. Unknown knowns
- B. Unknown unknowns
- C. Known unknowns
- D. Known knowns
Answer: D
Explanation:
The stage described involves analyzing gathered information and understanding known threats. This aligns with the Known Knowns stage.
Known Knowns represent threats that have already been identified, understood, and documented. Analysts in this stage work with existing data to refine and interpret known indicators or threat actor behaviors.
Why the Other Options Are Incorrect:
* Unknown unknowns: Threats that are entirely unknown and undetectable with current knowledge.
* Known unknowns: Threats suspected to exist but not yet clearly identified.
* Unknown knowns: Information that exists but has not been analyzed or recognized as relevant.
Conclusion:
Michael is analyzing existing and understood threat data, placing him in the Known Knowns stage of cyber-threat intelligence.
Final Answer: D. Known knowns
Explanation Reference (Based on CTIA Study Concepts):
In the CTIA framework, known knowns refer to threats that are fully understood and documented, forming the basis for structured analysis.
NEW QUESTION # 42
Marry wants to follow an iterative and incremental approach to prioritize requirements in order to protect the important assets of an organization against attacks. She wants to set the requirements based on the order of priority, where the most important requirement must be met first for a greater chance of success. She wants to apply prioritization tasks, scenarios, use cases, tests, and so on.
Which of the following methodologies should Marry use to prioritize the requirements?
- A. MoSCoW
- B. Fusion analysis
- C. Data visualization
- D. Data sampling
Answer: A
Explanation:
The methodology described, iterative and incremental prioritization of requirements in order of importance, aligns with the MoSCoW method.
MoSCoW stands for:
* M - Must have (critical requirements that are mandatory),
* S - Should have (important but not essential),
* C - Could have (desirable but optional),
* W - Won't have (this time) (deferred or out of scope).
It is widely used in security, risk management, and software development to determine the priority of tasks or requirements that should be implemented first.
By applying MoSCoW, Marry ensures that critical security requirements (such as protecting core assets) are addressed first before moving on to less critical ones.
Why the Other Options Are Incorrect:
* B. Fusion analysis: Used to integrate multiple data sources for intelligence analysis, not requirement prioritization.
* C. Data visualization: Used to represent data graphically, not for setting priorities.
* D. Data sampling: Refers to statistical analysis methods, not prioritization.
Conclusion:
Marry should use the MoSCoW prioritization methodology to structure and prioritize her organization's security requirements.
Final Answer: A. MoSCoW
Explanation Reference (Based on CTIA Study Concepts):
In CTIA's requirement prioritization and planning stages, MoSCoW is used to assign importance levels to intelligence and security requirements for efficient implementation.
NEW QUESTION # 43
A team of threat intelligence analysts is performing threat analysis on malware, and each of them has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory among all the theories, which of the following analytic processes must the threat intelligence manager use?
- A. Analysis of competing hypotheses (ACH)
- B. Automated technical analysis
- C. Threat modelling
- D. Application decomposition and analysis (ADA)
Answer: A
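ACH, as the question above uses it, is a scoring procedure rather than a debate: every piece of evidence is rated against every hypothesis, and the hypothesis with the fewest (credibility-weighted) inconsistencies survives, not the one with the most supporting evidence. The following Python block is an added example and not part of the exam material; the three malware hypotheses, the five evidence items, their credibility values and the rating weights are all constructed for the illustration.

```python
"""Analysis of Competing Hypotheses (ACH), scored the way Heuer's method does
it: evidence is rated against every hypothesis, and the hypothesis with the
fewest inconsistencies survives (not the one with the most support)."""

from dataclasses import dataclass

# Rating codes and how much inconsistency each contributes to a hypothesis' score.
INCONSISTENCY_WEIGHT = {"CC": 0, "C": 0, "N": 0, "I": 1, "II": 2}


@dataclass(frozen=True)
class Evidence:
    ident: str
    description: str
    credibility: float   # 0.0..1.0, the analyst's trust in the source
    ratings: dict        # hypothesis id -> rating code


# Hypotheses from the scenario: each analyst's theory about the same malware.
HYPOTHESES = {
    "H1": "Financially motivated crimeware",
    "H2": "State-sponsored espionage toolkit",
    "H3": "Tooling left behind by an authorised red-team engagement",
}

# Constructed evidence for the illustration, not from any real investigation.
EVIDENCE = [
    Evidence("E1", "Sample carries a working banking-credential stealer module", 0.9,
             {"H1": "C", "H2": "I", "H3": "I"}),
    Evidence("E2", "C2 domains registered through a bulletproof-hosting reseller", 0.8,
             {"H1": "C", "H2": "C", "H3": "II"}),
    Evidence("E3", "Compile timestamps cluster in UTC+3 business hours", 0.5,
             {"H1": "N", "H2": "N", "H3": "N"}),
    Evidence("E4", "No matching engagement in the internal red-team calendar", 1.0,
             {"H1": "C", "H2": "C", "H3": "II"}),
    Evidence("E5", "Custom packer previously seen only in an attributed espionage set", 0.6,
             {"H1": "I", "H2": "CC", "H3": "I"}),
]


def score_hypotheses(hypotheses, evidence):
    """Credibility-weighted inconsistency per hypothesis; lower is better."""
    scores = {h: 0.0 for h in hypotheses}
    for ev in evidence:
        for h in hypotheses:
            code = ev.ratings.get(h, "N")     # unrated evidence is neutral
            if code not in INCONSISTENCY_WEIGHT:
                raise ValueError(f"{ev.ident}: unknown rating {code!r} for {h}")
            scores[h] += INCONSISTENCY_WEIGHT[code] * ev.credibility
    return scores


def rank_hypotheses(hypotheses, evidence):
    """Hypotheses ordered from least to most inconsistent with the evidence."""
    return sorted(score_hypotheses(hypotheses, evidence).items(), key=lambda kv: kv[1])


def diagnostic_evidence(hypotheses, evidence):
    """Evidence rated identically against every hypothesis cannot discriminate
    between them; return only the items that do."""
    return [ev for ev in evidence
            if len({ev.ratings.get(h, "N") for h in hypotheses}) > 1]


def pivotal_evidence(hypotheses, evidence):
    """Sensitivity check: which single items, if discarded, change the leader?"""
    leader = rank_hypotheses(hypotheses, evidence)[0][0]
    return [ev.ident for ev in evidence
            if rank_hypotheses(hypotheses, [e for e in evidence if e is not ev])[0][0] != leader]


if __name__ == "__main__":
    for hyp, score in rank_hypotheses(HYPOTHESES, EVIDENCE):
        print(f"{hyp} {score:4.1f}  {HYPOTHESES[hyp]}")
    print("diagnostic:", [ev.ident for ev in diagnostic_evidence(HYPOTHESES, EVIDENCE)])
    print("pivotal:", pivotal_evidence(HYPOTHESES, EVIDENCE))
```

Two details carry the method's value: E3 is rated the same against every hypothesis, so it is dropped as non-diagnostic however interesting it looks, and the sensitivity pass shows that the crimeware conclusion rests on a single item (E1), which tells the manager exactly which evidence to verify before acting.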
NEW QUESTION # 44
Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception, as well as information that has since been removed from the target website.
What should Alison do to get the information needed?
- A. Alison should run the Web Data Extractor tool to extract the required website information.
- B. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.
- C. Alison should use SmartWhois to extract the required website information.
- D. Alison should use https://archive.org to extract the required website information.
Answer: D
Explanation:
The Wayback Machine at https://archive.org stores dated snapshots of websites going back years, so it is the only option that can return both the earliest versions of the site and pages that have since been removed. Google's cache holds only the most recent crawl of a live page, SmartWhois returns domain registration (WHOIS) data rather than page content, and Web Data Extractor scrapes what the live site serves today.
NEW QUESTION # 45
A threat analyst wants to incorporate a requirement in the threat knowledge repository that provides an ability to modify or delete past or irrelevant threat data.
Which of the following requirements must he include in the threat knowledge repository to fulfil his needs?
- A. Data management
- B. Searchable functionality
- C. Evaluating performance
- D. Protection ranking
Answer: A
Explanation:
Incorporating a data management requirement in the threat knowledge repository is essential to provide the ability to modify or delete past or irrelevant threat data. Effective data management practices ensure that the repository remains accurate, relevant, and up-to-date by allowing for the adjustment and curation of stored information. This includes removing outdated intelligence, correcting inaccuracies, and updating information as new insights become available. A well-managed repository supports the ongoing relevance and utility of the threat intelligence, aiding in informed decision-making and threat mitigation strategies.
References:
* "Building and Maintaining a Threat Intelligence Library," by Recorded Future
* "Best Practices for Creating a Threat Intelligence Policy, and How to Use It," by SANS Institute
NEW QUESTION # 46
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the monitoring he noticed multiple logins from different locations within a short time span, as well as irregular login patterns from locations where the organization has no business relations. This suggests that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?
- A. Unexpected patching of systems
- B. Unusual activity through privileged user account
- C. Geographical anomalies
- D. Unusual outbound network traffic
Answer: C
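The two signals in the scenario above, logins from different locations within a short span and logins from countries where the firm does no business, can be checked mechanically rather than by eye. The following Python block is an added example, not part of the exam material: it orders each user's logins in time, derives the travel speed the consecutive locations would imply (impossible travel), and checks every login against an assumed allow-list of business countries. The login records, the 900 km/h threshold and the country list are all constructed for the illustration.

```python
"""Geographical-anomaly checks over authentication logs: impossible travel
between consecutive logins of one user, and logins from countries where the
organisation does no business."""

from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0          # assumption: above any scheduled flight
BUSINESS_COUNTRIES = {"GB", "US", "DE"}  # assumption: where the firm operates

# Constructed records, not real data: "<UTC timestamp> <user> <lat> <lon> <country>"
SAMPLE_AUTH_LOG = """\
2024-03-04T09:02:11Z alice 51.5074 -0.1278 GB
2024-03-04T09:40:05Z alice 40.7128 -74.0060 US
2024-03-04T10:15:00Z bob 53.4808 -2.2426 GB
2024-03-04T14:30:00Z bob 48.8566 2.3522 FR
2024-03-04T11:00:00Z carol 52.5200 13.4050 DE
2024-03-04T11:20:00Z carol 52.5200 13.4050 DE
"""


@dataclass(frozen=True)
class Login:
    ts: datetime
    user: str
    lat: float
    lon: float
    country: str


def parse_auth_log(text):
    """Parse the constructed log format above into Login records."""
    logins = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, lat, lon, country = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        logins.append(Login(when, user, float(lat), float(lon), country))
    return logins


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS-84 points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def detect_geo_anomalies(logins, business_countries=BUSINESS_COUNTRIES,
                         max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return a list of findings, one dict per triggered rule."""
    findings = []
    by_user = {}
    for lg in sorted(logins, key=lambda lg: lg.ts):
        by_user.setdefault(lg.user, []).append(lg)

    for user, seq in by_user.items():
        # Rule 1: travel speed implied by consecutive logins of the same user.
        for prev, cur in zip(seq, seq[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            if hours <= 0:                       # same-second logins from two places
                speed = float("inf") if dist > 0 else 0.0
            else:
                speed = dist / hours
            if speed > max_speed_kmh:
                findings.append({"user": user, "rule": "impossible_travel",
                                 "detail": f"{dist:.0f} km in {hours * 60:.0f} min "
                                           f"({prev.country} -> {cur.country})"})
        # Rule 2: any login from outside the countries the firm does business in.
        for lg in seq:
            if lg.country not in business_countries:
                findings.append({"user": user, "rule": "unexpected_country",
                                 "detail": f"{lg.country} at {lg.ts.isoformat()}"})
    return findings


if __name__ == "__main__":
    for f in detect_geo_anomalies(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(f"{f['user']:6} {f['rule']:18} {f['detail']}")
```

In the sample, alice logs in from London and then New York 38 minutes later (about 5,570 km, far beyond 900 km/h), bob travels Manchester to Paris at a plausible speed but from a country outside the allow-list, and carol trips nothing. In production the coordinates come from a GeoIP lookup on the source address, and VPN egress points and corporate proxies need their own allow-list or the first rule fires constantly.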
NEW QUESTION # 47
Which of the following characteristics of APT refers to the number of attempts made by the attacker to gain entry to the target's network?
- A. Risk tolerance
- B. Attack origination points
- C. Multiphased
- D. Timeliness
Answer: B
Explanation:
In the list of APT characteristics used in the CTIA and CEH courseware, "attack origination points" refers to the number of attempts the attacker makes to gain entry to the target's network, which is exactly what the question describes. "Multiphased" is a different characteristic: it refers to the distinct stages an intrusion passes through (reconnaissance, initial compromise, establishing a foothold, lateral movement, exfiltration, persistence), not to the count of entry attempts. "Timeliness" concerns the time the attacker spends assessing and exploiting the target, and "risk tolerance" the degree of detection risk the attacker is willing to accept.
Explanation Reference (Based on CTIA Study Concepts):
The CTIA characteristics of advanced persistent threats distinguish attack origination points (number of entry attempts) from numbers involved in the attack (number of host systems used) and from the multiphased nature of the attack (its stages).
NEW QUESTION # 48
Which of the following components refers to a node in the network that routes the traffic from a workstation to external command and control server and helps in identification of installed malware in the network?
- A. Hub
- B. Repeater
- C. Network interface card (NIC)
- D. Gateway
Answer: D
Explanation:
A gateway in a network functions as a node that routes traffic between different networks, such as from a local network to the internet. In the context of cyber threats, a gateway can be utilized to monitor and control the data flow to and from the network, helping in the identification and analysis of malware communications, including traffic to external command and control (C2) servers. This makes it an essential component in detecting installed malware within a network by observing anomalies or unauthorized communications at the network's boundary. Unlike repeaters, hubs, or network interface cards (NICs) that primarily facilitate network connectivity without analyzing the traffic, gateways can enforce security policies and detect suspicious activities.
References:
* "Network Security Basics," Security+ Guide to Network Security Fundamentals
* "Malware Command and Control Channels: A Journey," SANS Institute InfoSec Reading Room
NEW QUESTION # 49
A threat analyst obtains intelligence about a threat in which the data is a connection request sent from a remote host to the server. From this data he obtains only the source and destination IP addresses and no contextual information. While processing the data he gains context: multiple connection requests from different geo-locations reach the server within a short time span, and as a result the server is stressed and its performance gradually degrades. He then analyses the information against past and present experience and identifies the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?
- A. DHCP attacks
- B. MAC spoofing attack
- C. Distributed Denial-of-Service (DDoS) attack
- D. Bandwidth attack
Answer: C
Explanation:
The attack described, where multiple connection requests from different geo-locations are received by a server within a short time span leading to stress and reduced performance, is indicative of a Distributed Denial-of-Service (DDoS) attack. In a DDoS attack, the attacker floods the target's resources (such as a server) with excessive requests from multiple sources, making it difficult for the server to handle legitimate traffic, leading to degradation or outright unavailability of service. The use of multiple geo-locations for the attack sources is a common characteristic of DDoS attacks, making them harder to mitigate.
References:
* "Understanding Denial-of-Service Attacks," US-CERT
* "DDoS Quick Guide," DHS/NCCIC
NEW QUESTION # 50
Tech Crunch Inc. has hired John, a professional threat intelligence analyst. He was asked to conduct threat intelligence analysis that provides contextual information about security events and incidents, which helps the organization to disclose potential risks, gain greater insight into attacker methodologies, identify past malicious activities, and investigate malicious activities more efficiently.
Identify the type of threat intelligence John is going to perform for the organization.
- A. Tactical threat intelligence
- B. Strategic threat intelligence
- C. Operational threat intelligence
- D. Technical threat intelligence
Answer: C
Explanation:
The description focuses on contextual information about events and incidents, including attacker methodologies, risks, and historical malicious activity. This aligns with Operational Threat Intelligence.
Operational Threat Intelligence provides actionable insights about current or recent attacks, giving context that supports incident response and security operations. It connects individual technical indicators with the larger picture of attacker campaigns and motives.
Why the Other Options Are Incorrect:
* A. Tactical threat intelligence: Focuses on adversary TTPs for defensive operations, not on contextual event analysis.
* B. Strategic threat intelligence: Focuses on long-term, high-level planning for executives.
* D. Technical threat intelligence: Deals with raw indicators such as hashes, IPs, and URLs.
Conclusion:
John is performing Operational Threat Intelligence, which enriches event data with contextual information for investigation and response.
Final Answer: C. Operational threat intelligence
Explanation Reference (Based on CTIA Study Concepts):
CTIA defines operational threat intelligence as intelligence that provides context for incidents and ongoing attacks, helping organizations understand threats at a campaign or activity level.
NEW QUESTION # 51
Joe works as a threat intelligence analyst with Xsecurity Inc. He is assessing the TI program by comparing the project results with the original objectives by reviewing project charter. He is also reviewing the list of expected deliverables to ensure that each of those is delivered to an acceptable level of quality.
Identify the activity that Joe is performing to assess a TI program's success or failure.
- A. Identifying areas of further improvement
- B. Determining the fulfillment of stakeholders
- C. Conducting a gap analysis
- D. Determining the costs and benefits associated with the program
Answer: C
NEW QUESTION # 52
An attacker instructs bots to use a camouflage mechanism to hide his phishing and malware delivery locations in a rapidly changing network of compromised bots. In this technique, a single domain name resolves to multiple, constantly changing IP addresses.
Which of the following techniques is used by the attacker?
- A. DNS interrogation
- B. DNS zone transfer
- C. Fast-Flux DNS
- D. Dynamic DNS
Answer: C
Explanation:
Fast-Flux DNS is a technique used by attackers to hide phishing and malware distribution sites behind an ever-changing network of compromised hosts acting as proxies. It involves rapidly changing the association of domain names with multiple IP addresses, making the detection and shutdown of malicious sites more difficult. This technique contrasts with DNS zone transfers, which involve the replication of DNS data across DNS servers, or Dynamic DNS, which typically involves the automatic updating of DNS records for dynamic IP addresses, but not necessarily for malicious purposes. DNS interrogation involves querying DNS servers to retrieve information about domain names, but it does not involve hiding malicious content. Fast-Flux DNS specifically refers to the rapid changes in DNS records to obfuscate the source of the malicious activity, aligning with the scenario described.
References:
* SANS Institute InfoSec Reading Room
* ICANN (Internet Corporation for Assigned Names and Numbers) Security and Stability Advisory Committee
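The explanation above describes fast flux in words; the following Python block is an added example (not from the exam material) showing how an analyst scores a name for it from repeated DNS lookups. A short TTL on its own is not the signal, since CDNs use short TTLs on a stable address set; the signal is a short TTL combined with many distinct answer addresses, spread across many network prefixes, that churn between lookups. The lookup records, the 10.x/16 blocks standing in for scattered residential hosts, and the four thresholds are constructed assumptions.

```python
"""Fast-flux scoring from repeated DNS lookups of the same name. A short TTL
alone is not the signal (CDNs use short TTLs on a stable address set); short
TTL plus many distinct answers, spread over many prefixes, that churn between
lookups is."""

from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean

# Thresholds are assumptions for the illustration, not from the page or a standard.
MAX_FLUX_TTL = 600          # seconds
MIN_DISTINCT_IPS = 10
MIN_DISTINCT_PREFIXES = 5   # /16 blocks, a rough stand-in for ASN diversity
MIN_CHURN = 0.5             # mean fraction of answers not seen in the previous lookup

# Constructed lookups (domain, TTL, answer set) taken a few minutes apart. Real
# flux answers are scattered residential hosts; distinct 10.x/16 blocks stand in.
SAMPLE_LOOKUPS = [
    ("update-secure-bank.example", 180, ["10.17.3.4", "10.88.200.1", "10.42.9.77", "10.131.5.6", "10.200.1.19"]),
    ("update-secure-bank.example", 180, ["10.17.3.4", "10.66.12.3", "10.109.77.2", "10.9.240.8", "10.173.33.1"]),
    ("update-secure-bank.example", 180, ["10.66.12.3", "10.250.4.4", "10.31.8.8", "10.57.100.2", "10.142.0.9"]),
    ("update-secure-bank.example", 180, ["10.250.4.4", "10.3.3.3", "10.77.7.7", "10.190.2.2", "10.121.9.9"]),
    ("cdn.legit.example", 60, ["10.5.1.10", "10.5.1.11", "10.5.1.12"]),
    ("cdn.legit.example", 60, ["10.5.1.10", "10.5.1.11", "10.5.1.12"]),
    ("cdn.legit.example", 60, ["10.5.1.11", "10.5.1.12", "10.5.1.13"]),
    ("cdn.legit.example", 60, ["10.5.1.11", "10.5.1.12", "10.5.1.13"]),
    ("www.static.example", 86400, ["10.20.30.40"]),
    ("www.static.example", 86400, ["10.20.30.40"]),
]


def prefix16(ip):
    """Collapse an address to its /16 block, e.g. 10.17.3.4 -> 10.17.0.0/16."""
    return str(ip_network(f"{ip}/16", strict=False))


def flux_metrics(lookups):
    """Summarise a chronological list of (domain, ttl, ips) for one domain."""
    if not lookups:
        raise ValueError("no lookups to score")
    ttls, seen, prefixes, churn = [], set(), set(), []
    prev = None
    for _, ttl, ips in lookups:
        cur = {str(ip_address(ip)) for ip in ips}   # validates and normalises
        ttls.append(ttl)
        seen |= cur
        prefixes |= {prefix16(ip) for ip in cur}
        if prev is not None and cur:
            churn.append(len(cur - prev) / len(cur))
        prev = cur
    return {"lookups": len(lookups), "distinct_ips": len(seen),
            "distinct_prefixes": len(prefixes), "mean_ttl": mean(ttls),
            "churn": mean(churn) if churn else 0.0}


def is_fast_flux(m):
    """All four conditions must hold; any one alone has benign explanations."""
    return (m["mean_ttl"] <= MAX_FLUX_TTL
            and m["distinct_ips"] >= MIN_DISTINCT_IPS
            and m["distinct_prefixes"] >= MIN_DISTINCT_PREFIXES
            and m["churn"] >= MIN_CHURN)


def classify(lookups):
    """Group lookups by domain; return {domain: (metrics, flagged)}."""
    by_domain = defaultdict(list)
    for rec in lookups:
        by_domain[rec[0]].append(rec)
    result = {}
    for domain, recs in by_domain.items():
        m = flux_metrics(recs)
        result[domain] = (m, is_fast_flux(m))
    return result


if __name__ == "__main__":
    for domain, (m, flagged) in classify(SAMPLE_LOOKUPS).items():
        print(f"{'FLUX' if flagged else 'ok  '} {domain}: {m}")
```

With real data the lookups come from repeated `dig +noall +answer <name>` runs (the TTL is the second column), ideally from several resolvers since flux networks often answer differently per resolver, and the /16 grouping should be replaced by an ASN lookup. The CDN row is there deliberately: it has the shortest TTL of the three names and still scores as benign, because its answers stay in one prefix and barely churn.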
NEW QUESTION # 53
Andrews and Sons Corp. has decided to share threat information with its sharing partners. Garry, a threat analyst at Andrews and Sons Corp., has been asked to follow a trust model needed to establish trust between sharing partners. In the trust model he uses, the first organization makes use of a body of evidence held by a second organization, and the level of trust between the two organizations depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?
- A. Mediated trust
- B. Validated trust
- C. Direct historical trust
- D. Mandated trust
Answer: B
NEW QUESTION # 54
Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color signifies that information should be shared only within a particular community?
- A. Red
- B. Amber
- C. White
- D. Green
Answer: D
Explanation:
TLP:GREEN marks information that may be shared within the recipient's community but not published openly. TLP:RED restricts the information to the named recipients only, TLP:AMBER limits it to the recipient's organization and, on a need-to-know basis, its clients (TLP 2.0 adds TLP:AMBER+STRICT for the organization alone), and TLP:WHITE, renamed TLP:CLEAR in TLP 2.0, carries no sharing restriction.
NEW QUESTION # 55
Karry, a threat analyst at an XYZ organization, is performing threat intelligence analysis. During the data collection phase, he used a data collection method that involves no participants and is purely based on analysis and observation of activities and processes going on within the local boundaries of the organization.
Identify the type of data collection method used by Karry.
- A. Active data collection
- B. Passive data collection
- C. Raw data collection
- D. Exploited data collection
Answer: B
Explanation:
Karry's method of collecting data, which involves no active engagement with participants and is purely based on analysis and observation of activities within the organization, is known as passive data collection. This method is characterized by the non-intrusive monitoring of data and events, allowing analysts to gather intelligence without alerting potential adversaries or disrupting ongoing processes. Passive data collection is essential for maintaining operational security and obtaining an unaltered view of system and network activities.
References:
"Passive Data Collection in Cybersecurity," by Cybersecurity Guide
"Understanding Passive and Active Data Collection for Cyber Threat Intelligence," by ThreatConnect
NEW QUESTION # 56
Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is carried in the web server's HTTP response headers:
Connection status and content type
Accept-ranges and last-modified information
X-powered-by information
Web server in use and its version
Which of the following tools should Tyrion use to view the header content?
- A. Burp suite
- B. Hydra
- C. Vanguard enforcer
- D. AutoShun
Answer: A
Explanation:
Burp Suite is a comprehensive tool used for web application security testing, which includes functionality for viewing and manipulating the HTTP/HTTPS headers of web page requests and responses. This makes it an ideal tool for someone like Tyrion, who is looking to perform website footprinting to gather information hidden in the web page header, such as connection status, content type, server information, and other metadata that can reveal details about the web server and its configuration. Burp Suite allows users to intercept, analyze, and modify traffic between the browser and the web server, which is crucial for uncovering such hidden information.
References:
* "Burp Suite Essentials" by Akash Mahajan
* Official Burp Suite Documentation
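Burp Suite shows these fields in its proxy history, but they are ordinary HTTP response headers that any client can read. The following Python block is an added example, not from the exam material: it parses a constructed raw response head exactly as a proxy displays it and extracts the fields the question lists, and fetch_head() is the live variant (the same HEAD request `curl -I` sends) for hosts you are authorised to test. The sample response, including its Server and X-Powered-By values, is constructed and does not describe any real host.

```python
"""Website footprinting from HTTP response headers: parse what a proxy such as
Burp shows in its response view and pull out the fields that fingerprint the
server. fetch_head() is the live equivalent of `curl -I`."""

import http.client

# Headers the question lists (matched case-insensitively, as HTTP requires).
FOOTPRINT_HEADERS = ("Connection", "Content-Type", "Accept-Ranges",
                     "Last-Modified", "X-Powered-By", "Server")

# Constructed raw response head; not captured from any real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 04 Mar 2024 09:02:11 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Last-Modified: Fri, 01 Mar 2024 17:20:00 GMT\r\n"
    b"Accept-Ranges: bytes\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"Connection: keep-alive\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def parse_response_head(raw):
    """Split a raw HTTP/1.x response into (status_code, {lower-name: value})."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1").split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/") or not status[1].isdigit():
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.decode("latin-1").partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key, val = name.strip().lower(), value.strip()
        # Repeated headers combine into one comma-separated list (RFC 9110 section 5.3).
        headers[key] = f"{headers[key]}, {val}" if key in headers else val
    return int(status[1]), headers


def footprint(headers):
    """Pick the fingerprinting fields; headers the server omitted map to None."""
    return {name: headers.get(name.lower()) for name in FOOTPRINT_HEADERS}


def fetch_head(host, path="/", use_tls=True, timeout=10):
    """Live variant: send the HEAD request curl -I sends, return (status, headers).
    Only run this against hosts you are authorised to test."""
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, timeout=timeout)
    try:
        conn.request("HEAD", path, headers={"User-Agent": "footprint-check/1.0"})
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


if __name__ == "__main__":
    status, hdrs = parse_response_head(SAMPLE_RESPONSE)
    print("status:", status)
    for name, value in footprint(hdrs).items():
        print(f"{name}: {value}")
```

The defensive reading of the same example is the hardening check: Server and X-Powered-By are the two headers that hand an attacker the software version for free, and a server that has had `ServerTokens Prod` (Apache) or `expose_php = Off` (PHP) applied returns None for the version detail in footprint().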
NEW QUESTION # 57
Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on security than on other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from the collected bulk data.
Which of the following techniques will help Alice to perform qualitative data analysis?
- A. Finding links between data and discover threat-related information
- B. Numerical calculations, statistical modeling, measurement, research, and so on.
- C. Regression analysis, variance analysis, and so on
- D. Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on
Answer: D
Explanation:
For Alice to perform qualitative data analysis, techniques such as brainstorming, interviewing, SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis, and the Delphi technique are suitable. Unlike quantitative analysis, which involves numerical calculations and statistical modeling, qualitative analysis focuses on understanding patterns, themes, and narratives within the data. These techniques enable the analyst to explore the data's deeper meanings and insights, which are essential for strategic decision-making and developing a nuanced understanding of cybersecurity threats and vulnerabilities.
References:
"Qualitative Research Methods in Cybersecurity," SANS Institute Reading Room
"The Delphi Method for Cybersecurity Risk Assessment," by Cybersecurity and Infrastructure Security Agency (CISA)