[Mar-2026] 312-85 Exam Questions and Valid 312-85 Dumps PDF [Q30-Q54]

Share

[Mar-2026] 312-85 Exam Questions and Valid 312-85 Dumps PDF

312-85 Brain Dump: A Study Guide with Tips & Tricks for passing Exam


ECCouncil 312-85, also known as the Certified Threat Intelligence Analyst (CTIA) certification exam, is an internationally recognized certification that validates an individual's expertise in identifying and analyzing cyber threats. 312-85 exam is designed for professionals who are responsible for protecting sensitive information and critical infrastructure from cyber threats. The CTIA certification exam is a testament to the individual's ability to provide effective threat intelligence solutions to organizations worldwide.


The CTIA certification exam is a vendor-neutral certification, meaning that it is not tied to any specific technology or platform. This makes it an ideal certification for cybersecurity professionals who are looking to enhance their skills and knowledge in threat intelligence without being limited to a specific vendor or product. It is also a valuable certification for organizations looking to hire skilled threat intelligence professionals who can help them stay ahead of emerging security threats.

 

NEW QUESTION # 30
Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.
Which of the following online sources should Alice use to gather such information?

  • A. Hacking forums
  • B. Social network settings
  • C. Job sites
  • D. Financial services

Answer: A

Explanation:
Alice, looking to gather information on emerging threats including attack methods, tools, and post-attack techniques, should turn to hacking forums. These online platforms are frequented by cybercriminals and security researchers alike, where information on the latest exploits, malware, and hacking techniques is shared and discussed. Hacking forums can provide real-time insights into the tactics, techniques, and procedures (TTPs) used by threat actors, offering a valuable resource for threat intelligence analysts aiming to enhance their organization's defenses.References:
* "Hacking Forums: A Ground for Cyber Threat Intelligence," by Digital Shadows
* "The Value of Hacking Forums for Threat Intelligence," by Flashpoint


NEW QUESTION # 31
An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence.
Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must consist of a right balance between tables, narrative, numbers, graphics, and multimedia?

  • A. The right content
  • B. The right presentation
  • C. The right time
  • D. The right order

Answer: B


NEW QUESTION # 32
Walter and Sons Company has faced major cyber attacks and lost confidential dat a. The company has decided to concentrate more on the security rather than other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data.
Which of the following techniques will help Alice to perform qualitative data analysis?

  • A. Finding links between data and discover threat-related information
  • B. Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on
  • C. Regression analysis, variance analysis, and so on
  • D. Numerical calculations, statistical modeling, measurement, research, and so on.

Answer: B


NEW QUESTION # 33
During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary's information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.

  • A. Technical threat intelligence analysis
  • B. Strategic threat intelligence analysis
  • C. Operational threat intelligence analysis
  • D. Tactical threat intelligence analysis

Answer: D

Explanation:
Tactical threat intelligence analysis focuses on the immediate, technical indicators of threats, such as the tactics, techniques, and procedures (TTPs) used by adversaries, their communication channels, the tools and software they utilize, and their strategies for evading forensic analysis. This type of analysis is crucial for operational defenses and is used by security teams to adjust their defenses against current threats. Since John successfully extracted information related to the adversaries' modus operandi, tools, communication channels, and evasion strategies, he is performing tactical threat intelligence analysis. This differs from strategic and operational threat intelligence, which focus on broader trends and specific operations, respectively, and from technical threat intelligence, which deals with technical indicators like malware signatures and IPs.
References:
"Tactical Cyber Intelligence," by Cyber Threat Intelligence Network, Inc.
"Intelligence-Driven Incident Response: Outwitting the Adversary," by Scott J. Roberts and Rebekah Brown


NEW QUESTION # 34
An autonomous robot was deployed to navigate and learn about the environment. Through a trial-and-error process, the robot refines its actions based on positive or negative feedback to maximize cumulative rewards.
What type of machine learning will the robot employ in this scenario?

  • A. Supervised learning
  • B. Unsupervised learning
  • C. Semi-supervised learning
  • D. Reinforcement learning

Answer: D

Explanation:
In this scenario, the robot learns through trial and error, receiving positive or negative feedback to improve its actions over time. This describes Reinforcement Learning (RL).
Reinforcement Learning is a machine learning approach where an agent interacts with an environment to achieve a goal. It learns optimal behavior by taking actions, receiving feedback (rewards or penalties), and refining its strategy to maximize cumulative rewards.
This method is widely used in robotics, game theory, and autonomous systems where explicit labeled data is not available, but performance can be measured by rewards.
Why the Other Options Are Incorrect:
* Unsupervised learning: Involves finding patterns or clusters in unlabeled data without feedback.
* Semi-supervised learning: Combines a small set of labeled data with a large amount of unlabeled data.
* Supervised learning: Requires labeled datasets to train models on known input-output pairs.
Conclusion:
The robot uses Reinforcement Learning to optimize its performance based on feedback loops.
Final Answer: C. Reinforcement learning
Explanation Reference (Based on CTIA Study Concepts):
Under the CTIA topic "Machine Learning in Threat Intelligence," reinforcement learning is defined as feedback-driven learning through reward and punishment signals.


NEW QUESTION # 35
During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary's information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.

  • A. Technical threat intelligence analysis
  • B. Strategic threat intelligence analysis
  • C. Operational threat intelligence analysis
  • D. Tactical threat intelligence analysis

Answer: D


NEW QUESTION # 36
A threat analyst wants to incorporate a requirement in the threat knowledge repository that provides an ability to modify or delete past or irrelevant threat data.
Which of the following requirement must he include in the threat knowledge repository to fulfil his needs?

  • A. Data management
  • B. Evaluating performance
  • C. Searchable functionality
  • D. Protection ranking

Answer: A

Explanation:
Incorporating a data management requirement in the threat knowledge repository is essential to provide the ability to modify or delete past or irrelevant threat data. Effective data management practices ensure that the repository remains accurate, relevant, and up-to-date by allowing for the adjustment and curation of stored information. This includes removing outdated intelligence, correcting inaccuracies, and updating information as new insights become available. A well-managed repository supports the ongoing relevance and utility of the threat intelligence, aiding in informed decision-making and threat mitigation strategies.References:
* "Building and Maintaining a Threat Intelligence Library," by Recorded Future
* "Best Practices for Creating a Threat Intelligence Policy, and How to Use It," by SANS Institute


NEW QUESTION # 37
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular log in patterns from locations where the organization does not have business relations. This resembles that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

  • A. Unusual activity through privileged user account
  • B. Unusual outbound network traffic
  • C. Geographical anomalies
  • D. Unexpected patching of systems

Answer: C


NEW QUESTION # 38
Cybersol Technologies initiated a cyber-threat intelligence program with a team of threat intelligence analysts. During the process, the analysts started converting the raw data into useful information by applying various techniques, such as machine-based techniques, and statistical methods.
In which of the following phases of the threat intelligence lifecycle is the threat intelligence team currently working?

  • A. Dissemination and integration
  • B. Processing and exploitation
  • C. Analysis and production
  • D. Planning and direction

Answer: B


NEW QUESTION # 39
Which of the following types of threat attribution deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target?

  • A. Campaign attribution
  • B. Nation-state attribution
  • C. Intrusion-set attribution
  • D. True attribution

Answer: D

Explanation:
True attribution in the context of cyber threats involves identifying the actual individual, group, or nation-state behind an attack or intrusion. This type of attribution goes beyond associating an attack with certain tactics, techniques, and procedures (TTPs) or a known group and aims to pinpoint the real-world entity responsible.
True attribution ischallenging due to the anonymity of the internet and the use of obfuscation techniques by attackers, but it is crucial for understanding the motive behind an attack and for forming appropriate responses at diplomatic, law enforcement, or cybersecurity levels.References:
* "Attribution of Cyber Attacks: A Framework for an Evidence-Based Analysis" by Jason Healey
* "The Challenges of Attribution in Cyberspace" in the Journal of Cyber Policy


NEW QUESTION # 40
Bob is a threat intelligence analyst in Global Technologies Inc. While extracting threat intelligence, he identified that the organization is vulnerable to various application threats that can be exploited by attackers.
Which of the following are the possible application threats that have been identified by Bob?

  • A. DNS and ARP poisoning
  • B. SQL injection and buffer overflow attack
  • C. Man-in-the-middle attack and physical security attack
  • D. Footprinting and spoofing

Answer: B

Explanation:
The question specifies that the vulnerabilities are application threats.
SQL injection and buffer overflow are both classic examples of application-layer attacks that target flaws in code and software design.
* SQL Injection: Exploits improper input validation in database queries, allowing attackers to execute malicious SQL statements.
* Buffer Overflow: Occurs when a program writes more data into a buffer than it can handle, leading to memory corruption and potential remote code execution.
Why the Other Options Are Incorrect:
* B. Man-in-the-middle and physical security attack: MITM is a network attack, and physical attacks are not application-based.
* C. DNS and ARP poisoning: These are network-level attacks, not application-level.
* D. Footprinting and spoofing: Both are reconnaissance or identity-deception techniques, not application-layer threats.
Conclusion:
Bob identified application threats, namely SQL Injection and Buffer Overflow attacks.
Final Answer: A. SQL injection and buffer overflow attack
Explanation Reference (Based on CTIA Study Concepts):
CTIA categorizes SQL injection and buffer overflow as application-level vulnerabilities exploited through improper input handling and insecure coding.


NEW QUESTION # 41
Flora, a threat intelligence analyst at PanTech Cyber Solutions, is working on a threat intelligence program.
She is trying to collect the company's crucial information through online job sites.
Which of the following information will Flora obtain through job sites?

  • A. Open ports and services
  • B. Hardware and software information, network-related information, and technologies used by the company
  • C. Top-level domains and subdomains of the company

Answer: B

Explanation:
When attackers or analysts search job postings on online job portals, they often uncover technical details inadvertently shared by organizations.
Job listings frequently mention:
* Hardware and software used (e.g., "experience with Cisco firewalls, Windows Server 2019").
* Network details and tools (e.g., "knowledge of LAN/WAN, AWS, Azure").
* Security technologies (e.g., "SIEM tools like Splunk or QRadar").
This information can help analysts identify the technological footprint of the company, which is valuable during threat profiling or reconnaissance.
Why the Other Options Are Incorrect:
* B. Top-level domains and subdomains: Obtained through DNS enumeration tools, not job sites.
* C. Open ports and services: Found through active scanning tools like Nmap, not via job postings.
Conclusion:
Flora can obtain hardware, software, and network-related information from online job listings.
Final Answer: A. Hardware and software information, network-related information, and technologies used by the company Explanation Reference (Based on CTIA Study Concepts):
CTIA recognizes online job sites as OSINT sources that can reveal technical environment details about organizations.


NEW QUESTION # 42
During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary's information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.

  • A. Technical threat intelligence analysis
  • B. Strategic threat intelligence analysis
  • C. Operational threat intelligence analysis
  • D. Tactical threat intelligence analysis

Answer: D

Explanation:
Tactical threat intelligence analysis focuses on the immediate, technical indicators of threats, such as the tactics, techniques, and procedures (TTPs) used by adversaries, their communication channels, the tools and software they utilize, and their strategies for evading forensic analysis. This type of analysis is crucial for operational defenses and is used by security teams to adjust their defenses against current threats. Since John successfully extracted information related to the adversaries' modus operandi, tools, communication channels, and evasion strategies, he is performing tactical threat intelligence analysis. This differs from strategic and operational threat intelligence, which focus on broader trends and specific operations, respectively, and from technical threat intelligence, which deals with technical indicators like malware signatures and IPs.References:
* "Tactical Cyber Intelligence," by Cyber Threat Intelligence Network, Inc.
* "Intelligence-Driven Incident Response: Outwitting the Adversary," by Scott J. Roberts and Rebekah Brown


NEW QUESTION # 43
What term describes the trust establishment process, wherein the first organization relies on a body of evidence presented to the second organization, and the level of trust is contingent upon the degree and quality of evidence provided by the initiating organization?

  • A. Validated trust
  • B. Mediated trust
  • C. Direct historical trust
  • D. Mandated trust

Answer: A

Explanation:
The scenario describes a trust establishment process where one organization bases its trust in another on the degree and quality of evidence that the second organization provides. This concept is known as Validated Trust.
Validated Trust is built through the verification and assessment of presented evidence such as certifications, security audits, compliance documentation, or past performance. The higher the credibility and quality of the evidence, the greater the level of trust established.
This type of trust is evidence-based, meaning it does not rely solely on previous interactions or third-party mediation but on verifiable proof provided directly between the entities involved.
Why the Other Options Are Incorrect:
* A. Mandated Trust:This is imposed by regulation, policy, or authority. It is not based on evidence but on obligation or requirement.
* B. Direct Historical Trust:This trust is formed from prior experiences and a consistent history of interactions between the entities. It does not depend on new evidence or documentation.
* D. Mediated Trust:This form of trust is established through an intermediary (such as a trusted third party or certificate authority) who vouches for the credibility of one organization to another.
Conclusion:
The process where trust is established based on the degree and quality of evidence provided by one party is known as Validated Trust.
Final Answer: C. Validated Trust
Explanation Reference (Based on CTIA Study Concepts):
According to the CTIA study topics under "Information Sharing and Trust Establishment," validated trust is the level of confidence gained through verification of tangible evidence, certifications, or attestations demonstrating security assurance and reliability.


NEW QUESTION # 44
Jame, a professional hacker, is trying to hack the confidential information of a target organization. He identified the vulnerabilities in the target system and created a tailored deliverable malicious payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of cyber kill chain methodology is Jame executing?

  • A. Weaponization
  • B. Installation
  • C. Reconnaissance
  • D. Exploitation

Answer: A

Explanation:
In the cyber kill chain methodology, the phase where Jame is creating a tailored malicious deliverable that includes an exploit and a backdoor is known as 'Weaponization'. During this phase, the attacker prepares by coupling a payload, such as a virus or worm, with an exploit into a deliverable format, intending to compromise the target's system. This step follows the initial 'Reconnaissance' phase, where the attacker gathers information on the target, and precedes the 'Delivery' phase, where the weaponized bundle is transmitted to the target. Weaponization involves the preparation of the malware to exploit the identified vulnerabilities in the target system.References:
* Lockheed Martin's Cyber Kill Chain framework
* "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains," leading to the development of the Cyber Kill Chain framework


NEW QUESTION # 45
Tyrion, a professional hacker, is targeting an organization to steal confidential information. He wants to perform website footprinting to obtain the following information, which is hidden in the web page header.
Connection status and content type
Accept-ranges and last-modified information
X-powered-by information
Web server in use and its version
Which of the following tools should the Tyrion use to view header content?

  • A. Burp suite
  • B. Hydra
  • C. AutoShun
  • D. Vanguard enforcer

Answer: A

Explanation:
Burp Suite is a comprehensive tool used for web application security testing, which includes functionality for viewing and manipulating the HTTP/HTTPS headers of web page requests and responses. This makes it an ideal tool for someone like Tyrion, who is looking to perform website footprinting to gather information hidden in the web page header, such as connection status, content type, server information, and other metadata that can reveal details about the web server and its configuration. Burp Suite allows users to intercept, analyze, and modify traffic between the browser and the web server, which is crucial for uncovering such hidden information.References:
* "Burp Suite Essentials" by Akash Mahajan
* Official Burp Suite Documentation


NEW QUESTION # 46
While monitoring network activities, an unusual surge in outbound traffic was noticed, and a potential security incident was suspected. In the context of incident responses, what is the initial stage at which you actively recognize and confirm the presence of an incident?

  • A. Eradication
  • B. Recovery
  • C. Identification
  • D. Containment

Answer: C

Explanation:
In the incident response process, the Identification phase is the first active stage where analysts and responders detect and confirm that a security incident has occurred or is in progress.
When an unusual surge in outbound traffic is observed, analysts start investigating alerts, logs, and events to determine whether the activity indicates a genuine security incident. This process includes correlating data, analyzing patterns, and confirming abnormal or malicious behavior. Once confirmed, the situation moves officially from an event to an incident.
Key Objectives of the Identification Phase:
* Detect potential security events through monitoring and alerts.
* Analyze anomalies to verify if an incident truly exists.
* Classify and prioritize the incident based on severity and impact.
* Document findings for escalation to containment and eradication stages.
Why the Other Options Are Incorrect:
* B. Recovery:This is a later phase where systems are restored to normal operations after an incident has been resolved. It occurs after containment and eradication.
* C. Containment:This phase involves isolating affected systems to prevent the spread or escalation of the incident. It happens after identification.
* D. Eradication:This phase focuses on removing the root cause of the incident (e.g., deleting malware, closing vulnerabilities) and also occurs after containment.
Conclusion:
The initial stage where the presence of a security incident is recognized and confirmed is the Identification phase.
Final Answer: A. Identification
Explanation Reference (Based on CTIA Study Concepts):
According to the CTIA study materials under the section "Incident Response Integration and Threat Intelligence," the Identification phase is where organizations detect and verify anomalies, confirming whether a security incident has occurred before proceeding to containment and recovery.


NEW QUESTION # 47
H&P, Inc. is a small-scale organization that has decided to outsource the network security monitoring due to lack of resources in the organization. They are looking for the options where they can directly incorporate threat intelligence into their existing network defense solutions.
Which of the following is the most cost-effective methods the organization can employ?

  • A. Recruit data management solution provider
  • B. Recruit the right talent
  • C. Recruit managed security service providers (MSSP)
  • D. Look for an individual within the organization

Answer: C


NEW QUESTION # 48
In which of the following storage architecture is the data stored in a localized system, server, or storage hardware and capable of storing a limited amount of data in its database and locally available for data usage?

  • A. Cloud storage
  • B. Distributed storage
  • C. Object-based storage
  • D. Centralized storage

Answer: D

Explanation:
Centralized storage architecture refers to a system where data is stored in a localized system, server, or storage hardware. This type of storage is capable of holding a limited amount of data in its database and is locally available for data usage. Centralized storage is commonly used in smaller organizations or specific departments within larger organizations where the volume of data is manageable and does not require the scalability offered by distributed or cloud storage solutions. Centralized storage systems simplify data management and access but might present challenges in terms of scalabilityand data recovery.References:
* "Data Storage Solutions for Your Business: Centralized vs. Decentralized," Techopedia
* "The Basics of Centralized Data Storage," by Margaret Rouse, SearchStorage


NEW QUESTION # 49
John, a threat intelligence analyst in CyberTech Company, was asked to obtain information that provides greater insight into the current cyber risks. To gather such information, John needs to find the answers to the following questions:
* Why the organization might be attacked?
* How the organization might be attacked?
* Who might be the intruders?Identify the type of security testing John is going to perform.

  • A. Black box testing
  • B. Intelligence-led security testing
  • C. White box testing

Answer: B

Explanation:
The focus of John's testing is understanding the motives, methods, and identity of potential attackers. This type of approach aligns with Intelligence-Led Security Testing.
Intelligence-Led Security Testing uses real-world threat intelligence to simulate realistic cyberattack scenarios. It provides insight into adversary behavior, motivations, and techniques, helping organizations assess their resilience against targeted threats.
Such testing answers the why, how, and who questions of potential attacks and is used to validate security controls based on threat actor profiles and campaigns.
Why the Other Options Are Incorrect:
* A. White box testing: The tester has full knowledge of systems and configurations; it focuses on internal vulnerabilities, not adversary motives.
* C. Black box testing: The tester has no prior knowledge of the system; it focuses on external attacks, not on intelligence-driven insights about attackers.
Conclusion:
John is performing Intelligence-Led Security Testing, which combines threat intelligence with security assessment to evaluate real-world risks.
Final Answer: B. Intelligence-led security testing
Explanation Reference (Based on CTIA Study Concepts):
In CTIA, intelligence-led testing integrates threat intelligence with penetration testing to replicate realistic adversary scenarios.


NEW QUESTION # 50
Henry. a threat intelligence analyst at ABC Inc., is working on a threat intelligence program. He was assigned to work on establishing criteria for prioritization of intelligence needs and requirements.
Which of the following considerations must be employed by Henry to prioritize intelligence requirements?

  • A. Understand frequency and impact of a threat
  • B. Understand data reliability
  • C. Produce actionable data
  • D. Develop a collection plan

Answer: A

Explanation:
When prioritizing intelligence requirements, it is crucial to understand the frequency and impact of various threats. This approach helps in allocating resources effectively, focusing on threats that are both likely to occur and that would have significant consequences if they did. By assessing threats based on these criteria, Henry can ensure that the threat intelligence program addresses the most pressing and potentially damaging threats first, thereby enhancing the organization's security posture. This prioritization is essential for effective threat management and for ensuring that the most critical threats are addressed promptly.
References:
"Cyber Threat Intelligence: Prioritizing and Using CTI Effectively," by SANS Institute
"Threat Intelligence: What It Is, and How to Use It Effectively," by Gartner


NEW QUESTION # 51
Jack is a professional hacker who wants to perform remote exploitation on the target system of an organization. He established a two-way communication channel between the victim's system and his server.
He used encryption techniques to hide the presence of a communication channel on a victim's system and further applied privilege escalation techniques to exploit the system.
What phase of the cyber kill chain methodology is Jack currently in?

  • A. Weaponization
  • B. Reconnaissance
  • C. Delivery
  • D. Command and Control

Answer: D

Explanation:
In the Cyber Kill Chain model, the Command and Control (C2) phase refers to the stage where the attacker establishes a communication channel between the compromised system and their own server to maintain remote control, issue commands, and exfiltrate data.
In the given scenario, Jack has already compromised the system and set up a two-way communication link, which is encrypted to avoid detection. This activity is characteristic of the Command and Control phase.
Key Characteristics of the Command and Control Phase:
* The attacker establishes remote communication with the compromised host.
* Encryption or obfuscation methods are used to hide the channel.
* The attacker uses this channel to send further commands, escalate privileges, and execute malicious actions.
* Typical tools: Remote Access Trojans (RATs), backdoors, and tunneling techniques.
Why the Other Options Are Incorrect:
* B. Weaponization:This phase involves creating or configuring the malicious payload or exploit (e.g., binding malware to a document or executable). It occurs before the attack delivery.
* C. Reconnaissance:The attacker gathers information about the target (network structure, vulnerabilities) before launching an attack.
* D. Delivery:This phase involves transmitting the weaponized payload to the target through methods such as email attachments, infected links, or USB drives.
Conclusion:
By establishing an encrypted communication channel and controlling the victim's system remotely, Jack is in the Command and Control phase of the Cyber Kill Chain.
Final Answer: A. Command and Control
Explanation Reference (Based on CTIA Study Concepts):
As defined in CTIA materials under "Adversary Tactics, Techniques, and Procedures (TTPs)" and "Cyber Kill Chain Stages," the Command and Control phase involves creating and maintaining communication between compromised hosts and attacker infrastructure for persistent access and control.


NEW QUESTION # 52
Moses, a threat intelligence analyst at InfoTec Inc., wants to find crucial information about the potential threats the organization is facing by using advanced Google search operators. He wants to identify whether any fake websites are hosted at the similar to the organization's URL.
Which of the following Google search queries should Moses use?

  • A. link: www.infothech.org
  • B. related: www.infothech.org
  • C. cache: www.infothech.org
  • D. info: www.infothech.org

Answer: B


NEW QUESTION # 53
An analyst is conducting threat intelligence analysis in a client organization, and during the information gathering process, he gathered information from the publicly available sources and analyzed to obtain a rich useful form of intelligence. The information source that he used is primarily used for national security, law enforcement, and for collecting intelligence required for business or strategic decision making.
Which of the following sources of intelligence did the analyst use to collect information?

  • A. ISAC
  • B. OSINT
  • C. SIGINT
  • D. OPSEC

Answer: B

Explanation:
The analyst used Open Source Intelligence (OSINT) to gather information from publicly available sources.
OSINT involves collecting and analyzing information from publicly accessible sources to produce actionable intelligence. This can include media reports, public government data, professional and academic publications, and information available on the internet. OSINT is widely used for national security, law enforcement, and business intelligence purposes, providing a rich source of information for making informed decisions and understanding the threat landscape.References:
* "Open Source Intelligence (OSINT) Tools and Techniques," by SANS Institute
* "The Role of OSINT in Cybersecurity and Threat Intelligence," by Recorded Future


NEW QUESTION # 54
......

312-85 Exam Questions: Free PDF Download Recently Updated Questions: https://www.passcollection.com/312-85_real-exams.html

312-85 Certification Exam Dumps with 90 Practice Test Questions: https://drive.google.com/open?id=1Lm5kZPB34V4aoaPxGCMjYKDwWWMMsR9g