Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

SANS FOR578 / GIAC GCTI CERTIFICATION EXAM PREP LATEST EXAM QUESTIONS AND VERIFIED ANSWERS GRADED A+

Puntuación
-
Vendido
-
Páginas
14
Grado
A+
Subido en
15-07-2026
Escrito en
2025/2026

In-depth exam prep for SANS FOR578 (Cyber Threat Intelligence) and GIAC GCTI certification, featuring the latest verified questions and expert answers. Covers core CTI concepts including the Diamond Model, Cyber Kill Chain (CKC), Collection Management Frameworks (CMF), and the Pyramid of Pain. Includes intelligence analysis fundamentals (System 1/System 2 thinking, cognitive biases like anchoring, confirmation bias, and congruence bias, structured analytic techniques, and logical fallacies), indicator lifecycle and Courses of Action (CoA) matrix, activity groups and campaign clustering, threat actor attribution (intent, capability, opportunity), malware analysis and pivoting (YARA rules, PE Rich Headers, C2 domain classification), threat sharing platforms (MISP, TAXII/STIX, CRITs, Threat_NOTE), passive DNS and OSINT techniques, TLP classifications, and strategic/operational/tactical intelligence types. Ideal for GCTI certification candidates, cyber threat intelligence analysts, and SOC/incident response professionals preparing for the SANS FOR578 exam. Updated and accurate.

Mostrar más Leer menos
Institución
Sans Forensics
Grado
Sans forensics

Vista previa del contenido

SANS FOR578 / GIAC GCTI CERTIFICATION EXAM PREP LATEST EXAM QUESTIONS AND VERIFIED ANSWERS GRADED A+

What is counterintelligence? ✔️The identification, assessment, and neutralisation of adversary intelligence activities.

Which type of memory is the most critical in intel analysis and why? ✔️Working memory as it processes inputs and determines whether to store
them for long or short term memory

What is template matching? ✔️Theory that every object is processed by the brain and stored as a template in long term memory

Compare system 1 and 2 thinking ✔️System 1 - intuitive, fast, effective



System 2 - analytical, slow, methodical

Which system of thinking requires mental models? ✔️System 1

What is an activity group? ✔️A clustering of intrusions which cover 2 or more phases in the diamond model

What is a key indicator? ✔️An indicator that remains constant across multiple intrusions, uniquely distinguishes a campaign from other
campaigns, and aligns to a single category of adversary action.

What is a Collection Management Framework (CMF)? ✔️A CMF is the plan for how you collect data, where you collect it, and what type of data
you collect.

What 3 aspects make up a threat? ✔️Intent, Capability, Opportunity

Which level of effort is required to change a domain name according to the pyramid of pain? ✔️Simple

What is the importance of understanding intelligence collection on a technical level? ✔️Ensures analyst understands limitations of their data
sources

What is counter intelligence? ✔️The identification, assessment, neutralisation, and exploitation of adversarial entities.

Understanding your organizations vulnerabilities using models and config analysis is what type of threat detection? ✔️Environmental

Which TLP level allows intel to be shared online? ✔️TLP: White

On the sliding scale of cyber security, what category to analysts respond to and learn from adversaries on their network? ✔️Active Defence

Before satisfying an intel requirement, what must an analyst do to determine if it is achievable? ✔️Determine whether they have enough data
to satisfy the requirement. A Collection Management Framework (CMF) defines how you collect data.

What TLP level allows you to share intel within your community? ✔️TLP:Green

IOCs are used to improve signatures of an organizations NIDS, what category on the sliding scale of security does this all under? ✔️Passive
Defence

How can intel teams prevent bias? ✔️Use of Structured Analytic Techniques (SATs)



Inclusion of diversity

Questioning the ROI and reduction of risk of security intel functions within an organization is an example of what category of intelligence?
✔️Strategic

What is synthesis in CTI field? ✔️Combination of various event data sources, historical information, and digital forensics to form a theory or
system

What is a priority intelligence requirement (PIR)? ✔️Intelligence requirements that are seen as critical to mission success.

Which non-linear approach to modelling was meant to eliminate stovepiping that occurs in intel work? ✔️Target-centric intelligence

, What is bouncing malware? ✔️User is passed between multiple sites and numerous exploits used in convoluted combinations

Give 2 common examples of protocols used as delivery methods for malware ✔️SMTP

HTTP

Which part of the CoA matrix involves hacking back? ✔️Destroy

What are the 3 stages of the indicator lifecycle? ✔️Revealed

Mature

Utilized

When completing the kill chain should the investigators go backwards or forwards? ✔️Investigators should always proceed from the point
detection takes place to the end of the kill chain to ensure the threat has been dealt with, then they can work backwards after that.

What is temporal triangulation? ✔️Looking for files that might have different types of timestamps with the same value

What is temporal clustering? ✔️Looking for clusters of EXE or DLL files being created

Malware often maps to which part of the diamond model? ✔️Capability

Name 3 common locations for human fingerprints in malware ✔️Header metadata

Code reuse

Config data

Name 4 places to get malware samples ✔️First party data

Partners

Sharing groups

Commerical data sets - VirusTotal

Why might it be a bad thing to upload to VirusTotal? ✔️Adversaries will find out that their malware has been detected

What is DC3? ✔️A framework for creating modules to parse malware config data

Name 3 classes of C2 domains ✔️Adversary registered (e.g. GoDaddy)

Dynamic DNS domains

Legitimate but compromised

Whats the downside of an adversary registered domain for an adversary? ✔️Potentially requires personal information of the attacker to sign up

May lead to a money trail

What is an ANS lookup? ✔️Autonomous System Number (ASN) lookups detemrine organizational ownership of IP addresses and can reveal the
relationship between 2 addresses.

Which high value/high cost security monitoring source allows you to reproduce actions of an adversary on your network? ✔️Full packet capture

Which part of a URL is variable? ✔️The query portion

Which 2 categories can adversary be broken into? ✔️Adversary Operator - the individual executing the action directly

Adversary Customer - the entity that stands to benefit from the actions

What is the best way to spot suspicious processes on compromsied systems? ✔️Comparing findings on a compromised system to a baseline
system

At what stage of the CKC is persistance initially established? ✔️Installation

Escuela, estudio y materia

Institución
Sans forensics
Grado
Sans forensics

Información del documento

Subido en
15 de julio de 2026
Número de páginas
14
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$8.19
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor
Seller avatar
Examwizard

Conoce al vendedor

Seller avatar
Examwizard Chamberlain College Nursing
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
1
Miembro desde
1 mes
Número de seguidores
0
Documentos
247
Última venta
2 semanas hace
Exam Wizard

On this page you will find all documents, Package deals, Test Banks, Solution manuals, WGU, ATI, HESI, ETC........ Leave a review Always leave a review after purchasing any document so as to make sure our Customers are 100% Satisfied. ALL THE BEST!!!!!!!!!!!!!!!!!!!

0.0

0 reseñas

5
0
4
0
3
0
2
0
1
0

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes