
NEW 2021 Certification Sample Questions 312-85 Dumps & Practice Exam
312-85 Deluxe Study Guide with Online Test Engine
ECCouncil 312-85 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
| Topic 12 |
|
| Topic 13 |
|
NEW QUESTION 21
Alison, an analyst in an XYZ organization, wants to retrieve information about a company's website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs.
- A. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.
- B. Alison should run the Web Data Extractor tool to extract the required website information.
- C. Alison should use https://archive.org to extract the required website information.
- D. Alison should use SmartWhois to extract the required website information.
Answer: B
NEW QUESTION 22
Tim is working as an analyst in an ABC organization. His organization had been facing many challenges in converting the raw threat intelligence data into meaningful contextual information. After inspection, he found that it was due to noise obtained from misrepresentation of data from huge data collections. Hence, it is important to clean the data before performing data analysis using techniques such as data reduction. He needs to choose an appropriate threat intelligence framework that automatically performs data collection, filtering, and analysis for his organization.
Which of the following threat intelligence frameworks should he choose to perform such task?
- A. HighCharts
- B. SIGVERIF
- C. TC complete
- D. Threat grid
Answer: C
NEW QUESTION 23
H&P, Inc. is a small-scale organization that has decided to outsource the network security monitoring due to lack of resources in the organization. They are looking for the options where they can directly incorporate threat intelligence into their existing network defense solutions.
Which of the following is the most cost-effective methods the organization can employ?
- A. Look for an individual within the organization
- B. Recruit data management solution provider
- C. Recruit the right talent
- D. Recruit managed security service providers (MSSP)
Answer: D
NEW QUESTION 24
Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?
- A. Known knowns
- B. Unknown unknowns
- C. Unknowns unknown
- D. Known unknowns
Answer: D
NEW QUESTION 25
Which of the following components refers to a node in the network that routes the traffic from a workstation to external command and control server and helps in identification of installed malware in the network?
- A. Gateway
- B. Hub
- C. Repeater
- D. Network interface card (NIC)
Answer: A
NEW QUESTION 26
An XYZ organization hired Mr. Andrews, a threat analyst. In order to identify the threats and mitigate the effect of such threats, Mr. Andrews was asked to perform threat modeling. During the process of threat modeling, he collected important information about the treat actor and characterized the analytic behavior of the adversary that includes technological details, goals, and motives that can be useful in building a strong countermeasure.
What stage of the threat modeling is Mr. Andrews currently in?
- A. Threat profiling and attribution
- B. Threat determination and identification
- C. System modeling
- D. Threat ranking
Answer: A
NEW QUESTION 27
Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between two organizations depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?
- A. Mediated trust
- B. Validated trust
- C. Mandated trust
- D. Direct historical trust
Answer: B
NEW QUESTION 28
Karry, a threat analyst at an XYZ organization, is performing threat intelligence analysis. During the data collection phase, he used a data collection method that involves no participants and is purely based on analysis and observation of activities and processes going on within the local boundaries of the organization.
Identify the type data collection method used by the Karry.
- A. Exploited data collection
- B. Active data collection
- C. Raw data collection
- D. Passive data collection
Answer: D
NEW QUESTION 29
In which of the following attacks does the attacker exploit vulnerabilities in a computer application before the software developer can release a patch for them?
- A. Advanced persistent attack
- B. Zero-day attack
- C. Distributed network attack
- D. Active online attack
Answer: B
NEW QUESTION 30
Jian is a member of the security team at Trinity, Inc. He was conducting a real-time assessment of system activities in order to acquire threat intelligence feeds. He acquired feeds from sources like honeynets, P2P monitoring. infrastructure, and application logs.
Which of the following categories of threat intelligence feed was acquired by Jian?
- A. CSV data feeds
- B. Internal intelligence feeds
- C. External intelligence feeds
- D. Proactive surveillance feeds
Answer: B
NEW QUESTION 31
John, a professional hacker, is trying to perform APT attack on the target organization network. He gains access to a single system of a target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?
- A. Search and exfiltration
- B. Expansion
- C. Persistence
- D. Initial intrusion
Answer: B
NEW QUESTION 32
A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and gradually its performance has reduced. He further performed analysis on the information based on the past and present experience and concludes the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?
- A. DHCP attacks
- B. MAC spoofing attack
- C. Distributed Denial-of-Service (DDoS) attack
- D. Bandwidth attack
Answer: C
NEW QUESTION 33
Sam works as an analyst in an organization named InfoTech Security. He was asked to collect information from various threat intelligence sources. In meeting the deadline, he forgot to verify the threat intelligence sources and used data from an open-source data provider, who offered it at a very low cost. Through it was beneficial at the initial stage but relying on such data providers can produce unreliable data and noise putting the organization network into risk.
What mistake Sam did that led to this situation?
- A. Sam used data without context.
- B. Sam used unreliable intelligence sources.
- C. Sam did not use the proper technology to use or consume the information.
- D. Sam did not use the proper standardization formats for representing threat data.
Answer: C
NEW QUESTION 34
A team of threat intelligence analysts is performing threat analysis on malware, and each of them has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic processes must threat intelligence manager use?
- A. Threat modelling
- B. Analysis of competing hypotheses (ACH)
- C. Application decomposition and analysis (ADA)
- D. Automated technical analysis
Answer: B
NEW QUESTION 35
A network administrator working in an ABC organization collected log files generated by a traffic monitoring system, which may not seem to have useful information, but after performing proper analysis by him, the same information can be used to detect an attack in the network.
Which of the following categories of threat information has he collected?
- A. Strategic reports
- B. Low-level data
- C. Advisories
- D. Detection indicators
Answer: D
NEW QUESTION 36
Walter and Sons Company has faced major cyber attacks and lost confidential dat a. The company has decided to concentrate more on the security rather than other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data.
Which of the following techniques will help Alice to perform qualitative data analysis?
- A. Numerical calculations, statistical modeling, measurement, research, and so on.
- B. Finding links between data and discover threat-related information
- C. Regression analysis, variance analysis, and so on
- D. Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on
Answer: D
NEW QUESTION 37
Tracy works as a CISO in a large multinational company. She consumes threat intelligence to understand the changing trends of cyber security. She requires intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, improvement of processes, and staff. The intelligence helps her in minimizing business risks and protecting the new technology and business initiatives.
Identify the type of threat intelligence consumer is Tracy.
- A. Tactical users
- B. Strategic users
- C. Technical users
- D. Operational users
Answer: B
NEW QUESTION 38
Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.
Which of the following online sources should Alice use to gather such information?
- A. Social network settings
- B. Job sites
- C. Financial services
- D. Hacking forums
Answer: D
NEW QUESTION 39
Henry. a threat intelligence analyst at ABC Inc., is working on a threat intelligence program. He was assigned to work on establishing criteria for prioritization of intelligence needs and requirements.
Which of the following considerations must be employed by Henry to prioritize intelligence requirements?
- A. Understand data reliability
- B. Understand frequency and impact of a threat
- C. Produce actionable data
- D. Develop a collection plan
Answer: B
NEW QUESTION 40
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive dat a. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?
- A. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.
- B. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.
- C. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
- D. Jim should identify the attack at an initial stage by checking the content of the user agent field.
Answer: C
NEW QUESTION 41
......
312-85 dumps review - Professional Quiz Study Materials: https://www.vceengine.com/312-85-vce-test-engine.html
312-85 Test Prep Training Practice Exam Questions Practice Tests: https://drive.google.com/open?id=12I5fB8qqyDQn-Pxt12gPv2nOtjuc8AhU
