Tips To Pass Certified Threat Intelligence Analyst 312-85 Exam

test2022-07-30T02:44:09+00:00

It is not an easy task to prepare for the EC-Council 312-85 certification exam. We have prepared new 312-85 exam dumps to assist you in properly preparing for the Certified Threat Intelligence Analyst test. If you want to pass the 312-85 exam in the 1st try, FreeTestShare 100% real 312-85 exam dumps are the best study materials for your preparation. FreeTestShare 312-85 exam dumps include real exam questions and answers, allowing you to quickly learn about the topics included in the Certified Threat Intelligence Analyst exam!

Now is the time to put your skills to the test with these online 312-85 practice exams!

Page 1 of 1

1. Build a work breakdown structure (WBS)

1-->9-->2-->8-->3-->7-->4-->6-->5

3-->4-->5-->2-->1-->9-->8-->7-->6

1-->2-->3-->4-->5-->6-->9-->8-->7

1-->2-->3-->4-->5-->6-->7-->8-->9

2. Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider, who offered it at a very low cost. Through it was beneficial at the initial stage but relying on such data providers can produce unreliable data and noise putting the organization network into risk.

What mistake Sam did that led to this situation?

Sam used unreliable intelligence sources.

Sam used data without context.

Sam did not use the proper standardization formats for representing threat data.

Sam did not use the proper technology to use or consume the information.

3. Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website foot printing to obtain the following information, which is hidden in the web page header.

Connection status and content type

Accept-ranges and last-modified information

X-powered-by information

Web server in use and its version

Which of the following tools should the Tyrion use to view header content?

Hydra

AutoShun

Vanguard enforcer

Burp suite

4. Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on the security rather than other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data.

Which of the following techniques will help Alice to perform qualitative data analysis?

Regression analysis, variance analysis, and so on

Numerical calculations, statistical modeling, measurement, research, and so on.

Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on

Finding links between data and discover threat-related information

5. Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks.

She used a threat modelling methodology where she performed the following stages:

Stage 1: Build asset-based threat profiles

Stage 2: Identify infrastructure vulnerabilities

Stage 3: Develop security strategy and plans

Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

TRIKE

VAST

OCTAVE

DREAD

6. Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular log in patterns from locations where the organization does not have business relations. This resembles that somebody is trying to steal confidential information.

Which of the following key indicators of compromise does this scenario present?

Unusual outbound network traffic

Unexpected patching of systems

Unusual activity through privileged user account

Geographical anomalies

7. Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between two organizations depends on the degree and quality of evidence provided by the first organization.

Which of the following types of trust model is used by Garry to establish the trust?

Mediated trust

Mandated trust

Direct historical trust

Validated trust

8. A network administrator working in an ABC organization collected log files generated by a traffic monitoring system, which may not seem to have useful information, but after performing proper analysis by him, the same information can be used to detect an attack in the network.

Which of the following categories of threat information has he collected?

Advisories

Strategic reports

Detection indicators

Low-level data

9. Cybersol Technologies initiated a cyber-threat intelligence program with a team of threat intelligence analysts. During the process, the analysts started converting the raw data into useful information by applying various techniques, such as machine-based techniques, and statistical methods.

In which of the following phases of the threat intelligence lifecycle is the threat intelligence team currently working?

Dissemination and integration

Planning and direction

Processing and exploitation

Analysis and production

10. Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on.

What should Jim do to detect the data staging before the hackers exfiltrate from the network?

Jim should identify the attack at an initial stage by checking the content of the user agent field.

Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.

Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.

Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.