Certshared now are offering 100% pass ensure 312-85 dumps!

https://www.certshared.com/exam/312-85/ (49 Q&As)

EC-Council
Exam Questions 312-85
Certified Threat Intelligence Analyst

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure 312-85 dumps!
https://www.certshared.com/exam/312-85/ (49 Q&As)

NEW QUESTION 1
An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence.
Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must
consist of a right balance between tables, narrative, numbers, graphics, and multimedia?

A. The right time

B. The right presentation
C. The right order
D. The right content

Answer: B

NEW QUESTION 2
Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the
deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider, who offered it at a very low cost. Through it was
beneficial at the initial stage but relying on such data providers can produce unreliable data and noise putting the organization network into risk.
What mistake Sam did that led to this situation?

A. Sam used unreliable intelligence sources.

B. Sam used data without context.
C. Sam did not use the proper standardization formats for representing threat data.
D. Sam did not use the proper technology to use or consume the information.

Answer: D

NEW QUESTION 3
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data
staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization,
financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?

A. Jim should identify the attack at an initial stage by checking the content of the user agent field.
B. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.
C. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
D. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and
so on.

Answer: C

NEW QUESTION 4
Tim is working as an analyst in an ABC organization. His organization had been facing many challenges in converting the raw threat intelligence data into
meaningful contextual information. After inspection, he found that it was due to noise obtained from misrepresentation of data from huge data collections. Hence, it
is important to clean the data before performing data analysis using techniques such as data reduction. He needs to choose an appropriate threat intelligence
framework that automatically performs data collection, filtering, and analysis for his organization.
Which of the following threat intelligence frameworks should he choose to perform such task?

A. HighCharts
B. SIGVERIF
C. Threat grid
D. TC complete

Answer: D

NEW QUESTION 5
Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat information from a variety of sources. He wants to use this information to
develop security policies to enhance the overall security posture of his organization.
Which of the following sharing platforms should be used by Kim?

A. Cuckoo sandbox
B. OmniPeek
C. PortDroid network analysis
D. Blueliv threat exchange network

Answer: D

NEW QUESTION 6
Cybersol Technologies initiated a cyber-threat intelligence program with a team of threat intelligence analysts.
During the process, the analysts started converting the raw data into useful information by applying various techniques, such as machine-based techniques, and
statistical methods.
In which of the following phases of the threat intelligence lifecycle is the threat intelligence team currently working?

A. Dissemination and integration

B. Planning and direction
C. Processing and exploitation
D. Analysis and production

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure 312-85 dumps!
https://www.certshared.com/exam/312-85/ (49 Q&As)

Answer: A

NEW QUESTION 7
Which of the following characteristics of APT refers to numerous attempts done by the attacker to gain entry to the target’s network?

A. Risk tolerance
B. Timeliness
C. Attack origination points
D. Multiphased

Answer: C

NEW QUESTION 8
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring,
he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular log in patterns from
locations where the organization does not have business relations. This resembles that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

A. Unusual outbound network traffic

B. Unexpected patching of systems
C. Unusual activity through privileged user account
D. Geographical anomalies

Answer: C

NEW QUESTION 9
Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social
security numbers, personally identifiable information (PII) of an employee, and credit card information. After obtaining confidential data, he further sells the
information on the black market to make money.
Daniel comes under which of the following types of threat actor.

A. Industrial spies
B. State-sponsored hackers
C. Insider threat
D. Organized hackers

Answer: D

NEW QUESTION 10
During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary’s information, such as Modus operandi,
tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.

A. Operational threat intelligence analysis

B. Technical threat intelligence analysis
C. Strategic threat intelligence analysis
D. Tactical threat intelligence analysis

Answer: D

NEW QUESTION 10
In which of the following attacks does the attacker exploit vulnerabilities in a computer application before the software developer can release a patch for them?

A. Active online attack

B. Zero-day attack
C. Distributed network attack
D. Advanced persistent attack

Answer: B

NEW QUESTION 12
Karry, a threat analyst at an XYZ organization, is performing threat intelligence analysis. During the data collection phase, he used a data collection method that
involves no participants and is purely based on analysis and observation of activities and processes going on within the local boundaries of the organization.
Identify the type data collection method used by the Karry.

A. Active data collection

B. Passive data collection
C. Exploited data collection
D. Raw data collection

Answer: B

NEW QUESTION 13
Tracy works as a CISO in a large multinational company. She consumes threat intelligence to understand the changing trends of cyber security. She requires
intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, improvement of processes,

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure 312-85 dumps!
https://www.certshared.com/exam/312-85/ (49 Q&As)

and staff. The intelligence helps her in minimizing business risks and protecting the new technology and business initiatives.
Identify the type of threat intelligence consumer is Tracy.

A. Tactical users
B. Strategic users
C. Operational users
D. Technical users

Answer: B

NEW QUESTION 15
Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Tam present
within the organization.
Which of the following are the needs of a RedTeam?

A. Intelligence related to increased attacks targeting a particular software or operating system vulnerability
B. Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)
C. Intelligence extracted latest attacks analysis on similar organizations, which includes details about latest threats and TTPs
D. Intelligence that reveals risks related to various strategic business decisions

Answer: B

NEW QUESTION 19
Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following
information, which is hidden in the web page header.
Connection status and content type
Accept-ranges and last-modified information
X-powered-by information
Web server in use and its version
Which of the following tools should the Tyrion use to view header content?

A. Hydra
B. AutoShun
C. Vanguard enforcer
D. Burp suite

Answer: D

NEW QUESTION 21
Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills
effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence.
Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom.
What stage of ACH is Bob currently in?

A. Diagnostics
B. Evidence
C. Inconsistency
D. Refinement

Answer: A

NEW QUESTION 24
A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this
data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information
stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and
gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack
experienced by the client organization.
Which of the following attacks is performed on the client organization?

A. DHCP attacks
B. MAC spoofing attack
C. Distributed Denial-of-Service (DDoS) attack
D. Bandwidth attack

Answer: C

NEW QUESTION 26
Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources
against various threats. Information shared by Alice was highly technical and include threat actor TTPs, malware campaigns, tools used by threat actors, and so
on.
Which of the following types of threat intelligence was shared by Alice?

A. Strategic threat intelligence

B. Tactical threat intelligence
C. Technical threat intelligence
D. Operational threat intelligence

Answer: C

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure 312-85 dumps!
https://www.certshared.com/exam/312-85/ (49 Q&As)

NEW QUESTION 29
Alison, an analyst in an XYZ organization, wants to retrieve information about a company’s website from the time of its inception as well as the removed
information from the target website.
What should Alison do to get the information he needs.

A. Alison should use SmartWhois to extract the required website information.

B. Alison should use https://archive.org to extract the required website information.
C. Alison should run the Web Data Extractor tool to extract the required website information.
D. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.

Answer: C

NEW QUESTION 32
Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement
essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used
to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.
Which of the following online sources should Alice use to gather such information?

A. Financial services
B. Social network settings
C. Hacking forums
D. Job sites

Answer: C

NEW QUESTION 35
H&P, Inc. is a small-scale organization that has decided to outsource the network security monitoring due to lack of resources in the organization. They are looking
for the options where they can directly incorporate threat intelligence into their existing network defense solutions.
Which of the following is the most cost-effective methods the organization can employ?

A. Recruit the right talent

B. Look for an individual within the organization
C. Recruit data management solution provider
D. Recruit managed security service providers (MSSP)

Answer: D

NEW QUESTION 36
Sarah is a security operations center (SOC) analyst working at JW Williams and Sons organization based in Chicago. As a part of security operations, she
contacts information providers (sharing partners) for gathering information such as collections of validated and prioritized threat indicators along with a detailed
technical analysis of malware samples, botnets, DDoS attack methods, and various other malicious tools. She further used the collected information at the tactical
and operational levels.
Sarah obtained the required information from which of the following types of sharing partner?

A. Providers of threat data feeds

B. Providers of threat indicators
C. Providers of comprehensive cyber-threat intelligence
D. Providers of threat actors

Answer: C

NEW QUESTION 39
Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on the security rather than
other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful
information from collected bulk data.
Which of the following techniques will help Alice to perform qualitative data analysis?

A. Regression analysis, variance analysis, and so on

B. Numerical calculations, statistical modeling, measurement, research, and so on.
C. Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on
D. Finding links between data and discover threat-related information

Answer: C

NEW QUESTION 44
Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. He
acquired feeds from sources like honeynets, P2P monitoring. infrastructure, and application logs.
Which of the following categories of threat intelligence feed was acquired by Jian?

A. Internal intelligence feeds

B. External intelligence feeds
C. CSV data feeds
D. Proactive surveillance feeds

Answer: A

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure 312-85 dumps!
https://www.certshared.com/exam/312-85/ (49 Q&As)

NEW QUESTION 45
......

Guaranteed success with Our exam guides visit - https://www.certshared.com

 Certshared now are offering 100% pass ensure 312-85 dumps!
https://www.certshared.com/exam/312-85/ (49 Q&As)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

312-85 Practice Exam Features:

* 312-85 Questions and Answers Updated Frequently

* 312-85 Practice Questions Verified by Expert Senior Certified Staff

* 312-85 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 312-85 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The 312-85 Practice Test Here

Guaranteed success with Our exam guides visit - https://www.certshared.com

Powered by TCPDF (www.tcpdf.org)