ECCouncil Certified Threat Intelligence Analyst - 312-85 Exam Practice Test

Which of the following characteristics of APT refers to numerous attempts done by the attacker to gain entry to the target's network?

During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary's information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.

Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular log in patterns from locations where the organization does not have business relations. This resembles that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

Sean works as a threat intelligence analyst. He is assigned a project for information gathering on a client's network to find a potential threat. He started analysis and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. He was unable to find any information.
What should Sean do to get the information he needs?

James, a senior threat intelligence officer, was tasked with assessing the success and failure of the threat intelligence program established by the organization. As part of the assessment, James reviewed the outcome of the intelligence program, determined if any improvements were required, and identified the past learnings that can be applied to future programs.
Identify the activity performed by James in the above scenario.

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular community?

While monitoring network activities, an unusual surge in outbound traffic was noticed, and a potential security incident was suspected. In the context of incident responses, what is the initial stage at which you actively recognize and confirm the presence of an incident?

As the CEO of a multinational corporation, you focus on making decisions that align with the organization's long-term goals and overall business strategies. What type of threat intelligence would be most valuable in guiding your decisions to enhance a company's resilience against emerging cyber threats?

SecurityTech Inc. is developing a TI plan where it can drive more advantages in less funds. In the process of selecting a TI platform, it wants to incorporate a feature that ranks elements such as intelligence sources, threat actors, attacks, and digital assets of the organization, so that it can put in more funds toward the resources which are critical for the organization's security.
Which of the following key features should SecurityTech Inc. consider in their TI plan for selecting the TI platform?