Topic 2B: Threat Intelligence

Question 1

Dark web

Answer 1

Internet locations kept hidden from search engines with encryption and anonymization

Question 2

Behavioral threat research

Answer 2

narrative commentary describing examples of attacks and TTPs gathered through primary research sources

Question 3

Reputational threat research

Answer 3

Repository of known threat spaces, including signatures, IP addresses, DNS

Question 4

Threat data

Answer 4

Computer data that can correlate events observed on a customer’s own networks and logs with known TTP and threat actor indicators

Question 5

Tactic, technique, procedure

Answer 5

Generalized statement of adversary behavior

Question 6

Indicator of Compromise

Answer 6

Residual sign of successful or ongoing attack

Question 7

Threat data feed

Answer 7

Signatures and pattern matching applied to an automated feed

Question 8

STIX

Answer 8

Standard Threat Information Expression: a universal terminology for describing IoCs

Question 9

TAXII

Answer 9

Trusted Automated Exchange of Indicator Information: the protocol for communicating CTI

Question 10

CTI

Answer 10

Cyber Threat Intelligence

Question 11

AIS

Answer 11

Automated Indicator Sharing: a DHS program for ISAC members and private members to subscribe to CTI sharing

Question 12

File code repository

Answer 12

A web location hosting malware signatures

Question 13

CVEs

Answer 13

Common Vulnerabilities and Exposures: the magic list MITRE maintains

Question 14

Machine Learning

Answer 14

A sub feature of AI where a machine parses input data to make decisions with it. ML is capable of modifying its own algorithms to gradually improve decision making