[Nov-2021] Latest ECCouncil 312-85 exam dumps and online Test Engine [Q28-Q44]


ECCouncil 312-85: Selling Certified Threat Intelligence Analyst Products and Solutions


ECCouncil 312-85 Exam Syllabus Topics:

Topic | Details
Topic 1
  • Overview of Fine-Tuning Threat Analysis
  • Understanding Threat Intelligence Evaluation
Topic 2
  • Overview of Threat Intelligence Sharing
  • Requirements, Planning, Direction, and Review
Topic 3
  • Overview of Threat Intelligence Integration
  • Overview of Threat Intelligence Reports
Topic 4
  • Overview of Intelligence Sharing Acts and Regulations
  • Understanding the Threat Analysis Process
Topic 5
  • Cyber Threats and Kill Chain Methodology
  • Understanding Cyber Kill Chain
Topic 6
  • Understanding Organization’s Current Threat Landscape
  • Reviewing Threat Intelligence Program
Topic 7
  • Understanding Threat Intelligence Data Collection and Acquisition
  • Overview of Threat Intelligence Collection Management
Topic 8
  • Understanding Indicators of Compromise
  • Understanding Advanced Persistent Threats
Topic 9
  • Understanding Cyber Threat Intelligence
  • Understanding Intelligence
Topic 10
  • Overview of Threat Intelligence Lifecycle and Frameworks
  • Introduction to Threat Intelligence

 

NEW QUESTION 28
Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs?

  • A. Alison should use SmartWhois to extract the required website information.
  • B. Alison should use https://archive.org to extract the required website information.
  • C. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.
  • D. Alison should run the Web Data Extractor tool to extract the required website information.

Answer: D

 

NEW QUESTION 29
Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing process easy. She uses filtering, tagging, and queuing techniques to sort out the relevant and structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

  • A. Data visualization
  • B. Sandboxing
  • C. Convenience sampling
  • D. Normalization

Answer: D

 

NEW QUESTION 30
Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header:
  • Connection status and content type
  • Accept-ranges and last-modified information
  • X-powered-by information
  • Web server in use and its version
Which of the following tools should Tyrion use to view header content?

  • A. AutoShun
  • B. Vanguard enforcer
  • C. Hydra
  • D. Burp suite

Answer: D

 

NEW QUESTION 31
Enrage Tech Company hired Enrique, a security analyst, to perform threat intelligence analysis. While performing the data collection process, he used a counterintelligence mechanism in which a recursive DNS server is employed to perform interserver DNS communication; when a request is generated from any name server to the recursive DNS server, the recursive DNS server logs the responses that are received. It then replicates the logged data and stores it in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering techniques has Enrique used for data collection?

  • A. Data collection through DNS interrogation
  • B. Data collection through passive DNS monitoring
  • C. Data collection through DNS zone transfer
  • D. Data collection through dynamic DNS (DDNS)

Answer: A

 

NEW QUESTION 32
Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on security than on other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data.
Which of the following techniques will help Alice to perform qualitative data analysis?

  • A. Regression analysis, variance analysis, and so on
  • B. Numerical calculations, statistical modeling, measurement, research, and so on.
  • C. Finding links between data and discovering threat-related information
  • D. Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on

Answer: D

 

NEW QUESTION 33
ABC is a well-established cyber-security company in the United States. The organization implemented the automation of tasks such as data enrichment and indicator aggregation. They also joined various communities to increase their knowledge about the emerging threats. However, the security teams can only detect and prevent identified threats in a reactive approach.
Based on the threat intelligence maturity model, identify the level of ABC to know the stage at which the organization stands with its security and vulnerabilities.

  • A. Level 3: CTI program in place
  • B. Level 2: increasing CTI capabilities
  • C. Level 0: vague where to start
  • D. Level 1: preparing for CTI

Answer: B

 

NEW QUESTION 34
Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence to fulfil the needs and requirements of the Red Team present within the organization.
Which of the following are the needs of a Red Team?

  • A. Intelligence extracted from the latest attack analysis on similar organizations, which includes details about the latest threats and TTPs
  • B. Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)
  • C. Intelligence related to increased attacks targeting a particular software or operating system vulnerability
  • D. Intelligence that reveals risks related to various strategic business decisions

Answer: B

 

NEW QUESTION 35
Which of the following types of threat attribution deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target?

  • A. Nation-state attribution
  • B. True attribution
  • C. Campaign attribution
  • D. Intrusion-set attribution

Answer: B

 

NEW QUESTION 36
A team of threat intelligence analysts is performing threat analysis on malware, and each of them has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic processes must the threat intelligence manager use?

  • A. Analysis of competing hypotheses (ACH)
  • B. Application decomposition and analysis (ADA)
  • C. Threat modelling
  • D. Automated technical analysis

Answer: A

 

NEW QUESTION 37
In which of the following forms of bulk data collection are large amounts of data first collected from multiple sources in multiple formats and then processed to achieve threat intelligence?

  • A. Production form
  • B. Hybrid form
  • C. Unstructured form
  • D. Structured form

Answer: C

 

NEW QUESTION 38
In which of the following storage architectures is the data stored in a localized system, server, or storage hardware that is capable of storing a limited amount of data in its database and is locally available for data usage?

  • A. Centralized storage
  • B. Object-based storage
  • C. Cloud storage
  • D. Distributed storage

Answer: B

 

NEW QUESTION 39
An attacker instructs bots to use a camouflage mechanism to hide his phishing and malware delivery locations in the rapidly changing network of compromised bots. In this particular technique, a single domain name consists of multiple IP addresses.
Which of the following techniques is used by the attacker?

  • A. DNS zone transfer
  • B. DNS interrogation
  • C. Fast-Flux DNS
  • D. Dynamic DNS

Answer: C

 

NEW QUESTION 40
Alice, an analyst, shared information with security operation managers and network operations center (NOC) staff for protecting the organizational resources against various threats. The information shared by Alice was highly technical and included threat actor TTPs, malware campaigns, tools used by threat actors, and so on.
Which of the following types of threat intelligence was shared by Alice?

  • A. Technical threat intelligence
  • B. Strategic threat intelligence
  • C. Operational threat intelligence
  • D. Tactical threat intelligence

Answer: A

 

NEW QUESTION 41
During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of the adversary's information, such as modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis performed by John.

  • A. Technical threat intelligence analysis
  • B. Strategic threat intelligence analysis
  • C. Tactical threat intelligence analysis
  • D. Operational threat intelligence analysis

Answer: C

 

NEW QUESTION 42
A threat analyst obtains intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and its performance has gradually reduced. He further analyzes the information based on past and present experience and determines the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?

  • A. Bandwidth attack
  • B. DHCP attacks
  • C. Distributed Denial-of-Service (DDoS) attack
  • D. MAC spoofing attack

Answer: C

 

NEW QUESTION 43
Kim, an analyst, is looking for an intelligence-sharing platform to gather and share threat information from a variety of sources. He wants to use this information to develop security policies to enhance the overall security posture of his organization.
Which of the following sharing platforms should be used by Kim?

  • A. Blueliv threat exchange network
  • B. Cuckoo sandbox
  • C. OmniPeek
  • D. PortDroid network analysis

Answer: A

 

NEW QUESTION 44
......
