SANS FOR578 UPDATED Exam
Questions and CORRECT Answers
School of Thought - CORRECT ANSWER - A perspective of a group with common
opinions and disciplines
Natural School of Thought - CORRECT ANSWER - A school of thought in which the
analyst identifies a pattern in similar data.
Law Enforcement Agency School of Thought - CORRECT ANSWER - A school of
thought in which you generate intelligence based on who did a crime. Focuses on attribution.
Intelligence Agency School of Thought - CORRECT ANSWER - A school of thought
based on the classic intelligence life cycle and applying requirements.
Moonlight Maze - CORRECT ANSWER - A case study that offers an early look at CTI
tradecraft. Showed the importance of analyzing the larger picture over a series of intrusions.
Artifacts and indicators may prove useful years after.
Cyber - CORRECT ANSWER - A living system
Intelligence - CORRECT ANSWER - The collection, processing, and analysis of
information about a competitive entity and its agents, needed by an organization or group for its
security and well-being.
GEOINT - CORRECT ANSWER - Geospatial intelligence collection from satellites.
MASINT - CORRECT ANSWER - Measurement and signature intelligence from radar
signatures, nuclear detonation signatures.
, SIGINT - CORRECT ANSWER - Intelligence derived from signal intercepts, such as cell
phone communications or tapping of communications lines.
Counterintelligence - CORRECT ANSWER - The identification, assessment,
neutralization, and exploitation of intelligence activities of adversarial entities.
Operation Bodyguard - CORRECT ANSWER - A case study showcasing the complexity
involved in counterintelligence. Allies spread disinformation that D-Day invasions were
occurring later than reality and at different locations than Normandy in order to confuse
adversaries.
Sherman Kent - CORRECT ANSWER - Considered the father of intelligence analysis.
Argued that it is important to give information with an assessment, since leaders do not have the
time or expertise to make good decisions on the data alone.
Richards J. Heuer Jr. - CORRECT ANSWER - A intelligence analyst focused on
structuring analysis, analysis types, critical thinking models and approaches, and overcoming
biases that hinder analyst thought processes.
Analysis - CORRECT ANSWER - A detailed examination of the elements or structure of
something.; Breaking something down into its constituent parts to understand its operation.
Synthesis - CORRECT ANSWER - Pulling in data from other sources aside from the event
we are analyzing, including historical information from both the targeted organization as well as
outside entities, and reaching out to other digital forensics and IR fields such as malware analysis
and forensics.
Analytical Judgement - CORRECT ANSWER - Going beyond the facts to assess what the
information signifies and how it impacts whatever organization they are supporting. It is made to
meet a specific intelligence requirement and is based off of available data and information while
acknowledging the information gaps and remaining uncertainties.
Questions and CORRECT Answers
School of Thought - CORRECT ANSWER - A perspective of a group with common
opinions and disciplines
Natural School of Thought - CORRECT ANSWER - A school of thought in which the
analyst identifies a pattern in similar data.
Law Enforcement Agency School of Thought - CORRECT ANSWER - A school of
thought in which you generate intelligence based on who did a crime. Focuses on attribution.
Intelligence Agency School of Thought - CORRECT ANSWER - A school of thought
based on the classic intelligence life cycle and applying requirements.
Moonlight Maze - CORRECT ANSWER - A case study that offers an early look at CTI
tradecraft. Showed the importance of analyzing the larger picture over a series of intrusions.
Artifacts and indicators may prove useful years after.
Cyber - CORRECT ANSWER - A living system
Intelligence - CORRECT ANSWER - The collection, processing, and analysis of
information about a competitive entity and its agents, needed by an organization or group for its
security and well-being.
GEOINT - CORRECT ANSWER - Geospatial intelligence collection from satellites.
MASINT - CORRECT ANSWER - Measurement and signature intelligence from radar
signatures, nuclear detonation signatures.
, SIGINT - CORRECT ANSWER - Intelligence derived from signal intercepts, such as cell
phone communications or tapping of communications lines.
Counterintelligence - CORRECT ANSWER - The identification, assessment,
neutralization, and exploitation of intelligence activities of adversarial entities.
Operation Bodyguard - CORRECT ANSWER - A case study showcasing the complexity
involved in counterintelligence. Allies spread disinformation that D-Day invasions were
occurring later than reality and at different locations than Normandy in order to confuse
adversaries.
Sherman Kent - CORRECT ANSWER - Considered the father of intelligence analysis.
Argued that it is important to give information with an assessment, since leaders do not have the
time or expertise to make good decisions on the data alone.
Richards J. Heuer Jr. - CORRECT ANSWER - A intelligence analyst focused on
structuring analysis, analysis types, critical thinking models and approaches, and overcoming
biases that hinder analyst thought processes.
Analysis - CORRECT ANSWER - A detailed examination of the elements or structure of
something.; Breaking something down into its constituent parts to understand its operation.
Synthesis - CORRECT ANSWER - Pulling in data from other sources aside from the event
we are analyzing, including historical information from both the targeted organization as well as
outside entities, and reaching out to other digital forensics and IR fields such as malware analysis
and forensics.
Analytical Judgement - CORRECT ANSWER - Going beyond the facts to assess what the
information signifies and how it impacts whatever organization they are supporting. It is made to
meet a specific intelligence requirement and is based off of available data and information while
acknowledging the information gaps and remaining uncertainties.
