Lesson 2 Explaining Threat Actors and Threat Intelligence
1.C
OSINT is using web search tools and social media to obtain information about
the target. It requires almost no privileged access as it relies on finding
information that the company makes publicly available, whether intentionally
or not.
The means an organization takes to protect the confidentiality, availability,
and integrity of sensitive data and resources is considered a security policy.
2.C
The TAXII protocol provides a means for transmitting CTI data between
servers and clients. Subscribers to the CTI service obtain updates to the data
to load into analysis tools over TAXII.
While STIX provides the syntax for describing CTI, the TAXII protocol
transmits CTI data between servers and clients.
3.A
An attack vector is the path through which a threat actor gains access to a
secure system; in this case, the path is through an employee's negligent
software installation, which in all likelihood is not intentional.
4.C
Deep web sites, especially those hidden from search engines, are
accessed via the website's URL. These are often only available via "word of
mouth" bulletin boards.
The Onion Router (TOR) is software used to establish a network overlay to
the Internet infrastructure to create the dark net. TOR, along with other
software like Freenet or I2P, anonymizes the usage of the dark net.
A dark web search engine can be used to find dark web website collections,
which constitute roughly 1% of the deep web. Some dark web websites have
hidden IP addresses and cannot be found by search engines or require
additional software to gain access to the site.
5.AB
A white hat hacker is given complete access to information about the network,
which is useful for simulating the behavior of a privileged insider threat, but
they are not an insider threat.
6.AC
OSINT refers to using web search tools and social media to obtain information
about the target. The contractor used this technique by identifying employees
and the local restaurant they go to after work.
Social engineering was used at the restaurant to learn about the vacant
positions and the shortfall in information security. This could be successful
because the attacker is charismatic and because social norms lead people
to be friendly. The scenario also mentioned that it was the popular location for
after-work drinks, meaning that alcohol was also likely involved.
7.B
Vendors often post proprietary intelligence on their websites and blogs, free of
cost, as a general benefit to their consumers.
8.A
A threat is the potential for something to exploit a vulnerability. The thing that
poses the threat is called an actor, while the path used can be referred to as
the vector.
Risk is the likelihood and impact (or consequence) of a threat actor exploiting
a vulnerability.
An exploit is a method that is used to expose and compromise a vulnerability.
9.D
10.CD
From the choices provided, the two most critical factors to profile for a threat
actor are intent and motivation. Greed, curiosity, or grievance may motivate
an attacker.