with answers
What is counterintelligence? - CORRECT ANSWERS ✔✔The identification, assessment, and neutralisation of adversary intelligence activities.
Which type of memory is the most critical in intel analysis and why? - CORRECT ANSWERS ✔✔Working memory as it processes inputs and determines whether to store them for long or short term memory
What is template matching? - CORRECT ANSWERS ✔✔Theory that every object is processed by the brain and stored as a template in long term memory
Compare system 1 and 2 thinking - CORRECT ANSWERS ✔✔System 1 - intuitive, fast, effective
System 2 - analytical, slow, methodical
Which system of thinking requires mental models? - CORRECT ANSWERS ✔✔System 1
What is an activity group? - CORRECT ANSWERS ✔✔A clustering of intrusions which cover 2 or more phases in the diamond model
What is a key indicator? - CORRECT ANSWERS ✔✔An indicator that remains constant across multiple intrusions, uniquely distinguishes a campaign from other campaigns, and aligns to a single category of adversary action.
What is a Collection Management Framework (CMF)? - CORRECT ANSWERS ✔✔A CMF is the plan for how you collect data, where you collect it, and what type of data you collect.
What 3 aspects make up a threat? - CORRECT ANSWERS ✔✔Intent, Capability, Opportunity
Which level of effort is required to change a domain name according to the pyramid of pain? - CORRECT ANSWERS ✔✔Simple
What is the importance of understanding intelligence collection on a technical level? - CORRECT ANSWERS ✔✔Ensures analyst understands limitations of their data sources
What is counter intelligence? - CORRECT ANSWERS ✔✔The identification, assessment, neutralisation, and exploitation of adversarial entities.
Understanding your organization's vulnerabilities using models and config analysis is what type of threat detection? - CORRECT ANSWERS ✔✔Environmental
Which TLP level allows intel to be shared online? - CORRECT ANSWERS ✔✔TLP: White
On the sliding scale of cyber security, in what category do analysts respond to and learn from adversaries on their network? - CORRECT ANSWERS ✔✔Active Defence
Before satisfying an intel requirement, what must an analyst do to determine if it is achievable? - CORRECT ANSWERS ✔✔Determine whether they have enough data to satisfy the requirement. A Collection Management Framework (CMF) defines how you collect data.
What TLP level allows you to share intel within your community? - CORRECT ANSWERS ✔✔TLP:Green
IOCs are used to improve signatures of an organization's NIDS; what category on the sliding scale of security does this fall under? - CORRECT ANSWERS ✔✔Passive Defence
How can intel teams prevent bias? - CORRECT ANSWERS ✔✔Use of Structured Analytic Techniques (SATs)
Inclusion of diversity
Questioning the ROI and reduction of risk of security intel functions within an organization is an example of what category of intelligence? - CORRECT ANSWERS ✔✔Strategic
What is synthesis in the CTI field? - CORRECT ANSWERS ✔✔Combination of various event data sources, historical information, and digital forensics to form a theory or system
What is a priority intelligence requirement (PIR)? - CORRECT ANSWERS ✔✔Intelligence requirements that are seen as critical to mission success.
Which non-linear approach to modelling was meant to eliminate stovepiping that occurs in intel work? - CORRECT ANSWERS ✔✔Target-centric intelligence
What is bouncing malware? - CORRECT ANSWERS ✔✔User is passed between multiple sites and numerous exploits used in convoluted combinations
Give 2 common examples of protocols used as delivery methods for malware - CORRECT ANSWERS ✔✔SMTP
HTTP
Which part of the CoA matrix involves hacking back? - CORRECT ANSWERS ✔✔Destroy