Threat Intelligent Services Quiz Answers NSE 2
· It is important that individuals become more aware of and knowledgeable about any attacks.
· Sharing intelligence among security vendors is the best way to fight threats.
· There is no secrecy within security vendors and all information is shared.
· As bad actors continue to evolve it is important to invest in expensive security products.
· Security products and threat intelligence services that can act together in real time stand the best chance of stopping these attacks.
Question 2: Which are three functions of sandboxing? (Choose three.)
· Sandboxing quarantines suspicious files and immediately flags them as malware.
· Depending on the configuration, the owner of the sandbox can propagate this new knowledge across their network security environment.
· After some time, if nothing malicious is detected in the quarantined files, the sandbox declares them as safe and releases them from quarantine.
· Sandboxing products take a suspect file and place it in an environment where its behaviors can be closely analyzed.
· Sandboxes can send the details to the vendor’s threat intelligence service so that the details can be shared worldwide.
Question 3: In the early days of threat intelligence services, in which three timeframes were vendor updates released? (Choose three.)
· Once a year
· Every week
· Monthly
· Twice a year
· Quarterly
Question 4: What happens when each known malware file is represented by a one-to-one signature approach?
· It does not scale well, because the number of malware files increases by millions or more each day.
· The malware count increases daily; however, it can be detected early by a one-to-one signature approach.
· There are more vendor organizations that are able to keep up with the increasing number of malware files.
· Malware-as-a-service organizations provide do-it-yourself malware kits as a solution.
· The variations of malware are easily detected thanks to the affordability of malware kits.
Question 5: What happened when malware became more sophisticated and able to change its own file content?
· Less sophisticated malware was still able to evade classic signature-based scanning.
· One new type of malware was detected per year, resulting in the growth of the malware family.
· Malware signatures did not change, and it was not able to sneak by older antivirus products.
· A single type of malware did not multiply and no bad behavior was detected.
· A single type of malware became an entire malware family, consisting of perhaps thousands of different files, but each file performing the same bad behaviors.
Question 6: The threat intelligence service catalogs data about existing or emerging attacks, including the specific mechanisms of the attack, and evidence that the attack has happened. What is this data also known as?
· Sandboxing
· Intelligence catalogs
· Artificial intelligence
· Indicators of compromise
· Machine learning
Question 7: Which behavior does a sandbox look for when searching for malware?
Select one:
· Behaved abnormally*
· Exploited known software weakness
· Failed check sum
· Matched signatures
Question 8: Which statement best describes an indicator of compromise (IoC)?
Select one:
· A list of network devices that are known to be compromised
· Sources of potential threat actors and their sponsors
· Evidence that a cyberattack has happened or is ongoing*
· Valuable information about computer systems and the network
Question 9: Which two organizations are examples of a threat intelligence service that serves the wider security community? (Choose two.)
Select one or more:
· NIST
· Malware-as-a-Service
· Cyber Threat Alliance*
· FortiGuard Labs*
Question 10: What is the sandbox detection method known as?
Select one:
· Heuristic detection
· Check sum detection
· Signature-based detection
· Rule-based detection
Question 11: Which method best defeats unknown malware?
Select one:
· Predicted malware detection
· Web filtering
· Sandboxing*
· Signature-based detection
Question 12: Which statement best describes polymorphic malware?
Select one:
· Polymorphic malware is malware that exploits an unknown security weakness in an application or OS.
· Polymorphic malware is unsophisticated malware that can evade signature-based scanning.
· Polymorphic malware is a malware family with thousands of variants but behaving the same way.*
· Polymorphic malware is malware that remains unique and unchanging.