Sheet 2 - Threat Intelligence

📗 Sheet 2: Threat Intelligence & Threat Hunting

#	Question	Answer
Q1	Primary purpose of threat intelligence?	B) To provide contextualized, actionable insights to inform security decisions
Q2	Which phase involves defining intelligence needs?	C) Planning, Requirements, and Direction
Q3	Which type provides insight into high-level trends and motivations?	C) Strategic Intelligence
Q4	What does TLP Amber signify?	C) Information is for the recipient's organization only
Q5	Example of a tactical IOC?	B) A malicious IP address or file hash
Q6	Framework describing attacker actions from recon to exfiltration?	B) MITRE ATT&CK Framework
Q7	What is "noise" in threat intelligence?	B) Unverified, irrelevant, or low-context data
Q8	Common challenge in threat intelligence?	B) Data Overload
Q9	Main benefit of STIX?	B) It provides a standardized format to exchange threat data
Q10	Which describes a Zero-Day attack?	B) An attack that exploits a vulnerability before the vendor has released a patch

#	Question	Answer
Q1	Primary difference between threat hunting and incident response?	C) Threat hunting is proactive; incident response is reactive
Q2	Main goal of threat hunting?	B) To proactively discover threats that have evaded security solutions
Q3	Which is NOT a phase in the threat hunting methodology?	C) Data Destruction
Q4	What does behavioral detection focus on?	C) Anomalies in user behavior, network, or system processes
Q5	Tool commonly used by threat hunters to analyze logs?	A) SIEM (Security Information and Event Management)
Q6	What is a "Hypothesis-driven" hunt?	C) A hunt based on a "what if" scenario regarding adversary behavior
Q7	What is an Indicator of Compromise (IOC)?	B) An observable sign that a system may have been compromised
Q8	Framework used to classify adversary techniques and tactics?	B) MITRE ATT&CK
Q9	The Diamond Model of Intrusion Analysis is used to:	B) Analyze and visualize cyber threat activities
Q10	What does the Threat Hunting Maturity Model measure?	C) The capability of an organization to detect threats
Q11	Which HTTP method is frequently analyzed for malicious activity?	D) All of the above
Q12	Benefit of machine learning in threat hunting?	B) It helps identify patterns and anomalies in large datasets