CREST Practitioner Threat Intelligence Analyst Questions And Answers

Cyber Threat Intelligence - Answer-A type of information that organisations use to understand and protect themselves against cyber threats How is CTI integrated into an organisation? - Answer-Identify and prioritise potential threats Inform the development and implementation of security controls and procedures Inform incident response and crisis management plans Monitor an organisation's external communications channels and detect cyber-attacks early on Providing an ongoing perspective of the cyber threat landscape How can CTI be obtained? - Answer-Subscribing to CTI feeds Hiring a third-party vendor Setting up an in-house CTI team What are the benefits of CTI to an organisation? - Answer-Gives insights into mechanisms and implications of threats Build defence strategies and frameworks Reduce their attack surface Surface Web - Answer-Anywhere that's accessible via normal search engines Deep Web - Answer-Anywhere that can be accessed via a normal web browser but is more hidden Dark Web - Answer-A section of the internet only accessible via Tor Data - Answer-Simple facts available in large volumes in the context of cyber securityInformation - Answer-Produced when data is collated to provide a useful output Intelligence - Answer-Comes from the processing and analysis of this information and can be used to inform decision making Collection - Answer-The process that obtains data Processing - Answer-The process that turns data into information Analysis - Answer-The process that turns information into intelligence Strategic Level - Answer-CTI at the board level for senior decision makers Operational Level - Answer-CTI for SOC operations and security controls applications, supporting the day to day operations of the business Tactical Level - Answer-CTI for technical investigations and threat hunts Black Hat Hacker - Answer-Conducts hacking activities without owner consent and with malicious intent Grey Hat Hacker - Answer-Conducts hacking activities without owner consent but usually stops short of malicious activity White Hat Hacker - Answer-Conducts hacking activities with the consent of the owner Threat Vector - Answer-A path or method via which a threat gains access to a computer or network Vulnerability - Answer-A flaw in the system (people, technology, business logic) that a threat can exploit to create an effect on the systemAttack Surface - Answer-The combined sum of the different points within an organisation that a malicious cyber actor can use to mount an attack