
SANS FOR578 - GIAC GCTI exam questions with answers

Pages: 40
Grade: A+
Published: 04-07-2025
Written in: 2024/2025


Institution: SANS FOR578
Course: SANS FOR578











Type: Exam
Contains: Questions and answers

Content preview

SANS FOR578 / GIAC GCTI exam questions with answers

What is counterintelligence? - CORRECT ANSWERS ✔✔The identification, assessment, and neutralisation of adversary intelligence activities.

Which type of memory is the most critical in intel analysis and why? - CORRECT ANSWERS ✔✔Working memory as it processes inputs and determines whether to store them for long or short term memory

What is template matching? - CORRECT ANSWERS ✔✔Theory that every object is processed by the brain and stored as a template in long term memory

Compare system 1 and 2 thinking - CORRECT ANSWERS ✔✔System 1 - intuitive, fast, effective
System 2 - analytical, slow, methodical

Which system of thinking requires mental models? - CORRECT ANSWERS ✔✔System 1

What is an activity group? - CORRECT ANSWERS ✔✔A clustering of intrusions which cover 2 or more phases in the diamond model

What is a key indicator? - CORRECT ANSWERS ✔✔An indicator that remains constant across multiple intrusions, uniquely distinguishes a campaign from other campaigns, and aligns to a single category of adversary action.

What is a Collection Management Framework (CMF)? - CORRECT ANSWERS ✔✔A CMF is the plan for how you collect data, where you collect it, and what type of data you collect.

What 3 aspects make up a threat? - CORRECT ANSWERS ✔✔Intent, Capability, Opportunity

Which level of effort is required to change a domain name according to the pyramid of pain? - CORRECT ANSWERS ✔✔Simple

What is the importance of understanding intelligence collection on a technical level? - CORRECT ANSWERS ✔✔Ensures analyst understands limitations of their data sources

What is counter intelligence? - CORRECT ANSWERS ✔✔The identification, assessment, neutralisation, and exploitation of adversarial entities.

Understanding your organization's vulnerabilities using models and config analysis is what type of threat detection? - CORRECT ANSWERS ✔✔Environmental

Which TLP level allows intel to be shared online? - CORRECT ANSWERS ✔✔TLP: White

On the sliding scale of cyber security, in what category do analysts respond to and learn from adversaries on their network? - CORRECT ANSWERS ✔✔Active Defence

Before satisfying an intel requirement, what must an analyst do to determine if it is achievable? - CORRECT ANSWERS ✔✔Determine whether they have enough data to satisfy the requirement. A Collection Management Framework (CMF) defines how you collect data.

What TLP level allows you to share intel within your community? - CORRECT ANSWERS ✔✔TLP:Green

IOCs are used to improve signatures of an organization's NIDS; what category on the sliding scale of security does this fall under? - CORRECT ANSWERS ✔✔Passive Defence

How can intel teams prevent bias? - CORRECT ANSWERS ✔✔Use of Structured Analytic Techniques (SATs)
Inclusion of diversity

Questioning the ROI and reduction of risk of security intel functions within an organization is an example of what category of intelligence? - CORRECT ANSWERS ✔✔Strategic

What is synthesis in the CTI field? - CORRECT ANSWERS ✔✔Combination of various event data sources, historical information, and digital forensics to form a theory or system

What is a priority intelligence requirement (PIR)? - CORRECT ANSWERS ✔✔Intelligence requirements that are seen as critical to mission success.

Which non-linear approach to modelling was meant to eliminate stovepiping that occurs in intel work? - CORRECT ANSWERS ✔✔Target-centric intelligence

What is bouncing malware? - CORRECT ANSWERS ✔✔User is passed between multiple sites and numerous exploits used in convoluted combinations

Give 2 common examples of protocols used as delivery methods for malware - CORRECT ANSWERS ✔✔SMTP
HTTP

Which part of the CoA matrix involves hacking back? - CORRECT ANSWERS ✔✔Destroy
Seller: EXAMSTUDYPLUG, Stanford University