In the early days of threat intelligence services, in which three timeframes were vendor updates released? (Choose three.)
Select one or more:
Monthly
Every week
Twice a year
Quarterly
*Once a year
The threat intelligence service catalogs data about existing or emerging attacks, including the specific mechanisms of the attack, and evidence that the attack has happened.
What is this data also known as?
Select one:
Machine learning
Intelligence catalogs
*Indicators of compromise
Artificial intelligence
Sandboxing
Which statement about cyber-attacks is true?
Select one:
*Security products and threat intelligence services that can act together in real time stand the best chance of stopping these attacks.
It is important that individuals become more aware of and knowledgeable about any attacks.
As bad actors continue to evolve it is important to invest in expensive security products.
There is no secrecy within security vendors and all information is shared.
Sharing intelligence among security vendors is the best way to fight threats.
Which are three functions of sandboxing? (Choose three.)
Select one or more:
Sandboxing quarantines suspicious files and immediately flags them as malware.
After some time, if nothing malicious is detected in the quarantined files, the sandbox declares them as safe and releases them from quarantine.
Sandboxes can send the details to the vendor’s threat intelligence service so that the details can be shared worldwide.
Sandboxing products take a suspect file and place it in an environment where its behaviors can be closely analyzed.
*Depending on the configuration, the owner of the sandbox can propagate this new knowledge across their network security environment.
What happens when each known malware file is represented by a one-to-one signature approach?
Select one:
There are more vendor organizations that are able to keep up with the increasing number of malware files.
The malware count increases daily; however, it can be detected early by a one-to-one signature approach.
The variations of malware are easily detected thanks to the affordability of malware kits.
Malware-as-a-service organizations provide do-it-yourself malware kits as a solution.
*It does not scale well, because the number of malware files increases by millions or more each day.
What happened when malware became more sophisticated and able to change its own file content?
Select one:
One new type of malware was detected per year, resulting in the growth of the malware family.
A single type of malware did not multiply and no bad behavior was detected.
*A single type of malware became an entire malware family, consisting of perhaps thousands of different files, but each file performing the same bad behaviors.
Malware signatures did not change, and it was not able to sneak by older antivirus products.
Less sophisticated malware was still able to evade classic signature-based scanning.