1. With which of the following utilities can you use Yara rules from APT reports?

YaraScanner

Loki

Yara

Kaspersky Threat Scanner

2. Which services by Kaspersky Lab provide detailed information on hashes of malicious
files, including URLs where the file was detected, and its activities in the system?

Threat Data Feeds

Threat Lookup

APT Reporting

Security Assessment

3. To interact with Threat Intelligence Portal API, you can use:

Kaspersky CyberTrace

cURL utility

ktl_lookup script

Any HTTP client

4. Which request types can you send using Threat Intelligence Portal API?

IP

Domain

URL

Hash

5. Which category do Threat Data Feeds pertain to in the Adaptive Security model?

Predict

Detect

Prevent

Respond

6. Which of the following scenarios would benefit most from using Threat Data Feeds?

An organization wants to detect APT

An organization wants to prevent security incidents

An organization wants to detect targeted attacks

An organization wants to have an additional protection layer against traditional attacks

7. Which security risks do Threat Data Feeds help to mitigate?

Guest notebooks that do not meet the internal security policy

Local privilege escalation

A server without antivirus protection

Lateral movement

Bring Your Own Device

8. Which data are used together with SIEM systems to detect an attack?

Yara rules

Antivirus signatures

IoC

Snort signatures

9. A few computers of ABC Inc. have become a part of a botnet. Which Threat Data Feeds
can help IS officers to detect bots installed on the workstations and associate them with the
botnet?

Botnet C&C

Malicious hash feeds

Mobile botnet feeds

10. You aim to reduce the load on the mail gateway and improve anti-spam protection. How
can Threat Data Feeds help you?

You can make the mail gateway block spamming IP addresses listed in the feeds

You can make the mail gateway block any addresses that have rating 75 or more according to IP Reputation
feeds

You can make the mail gateway block addresses that pertain to the spam category according to IP Reputation
feeds

You can make the mail gateway block addresses that pertain to the spam category and have rating 75 or more
according to IP Reputation feeds

11. Which of the following file categories CANNOT be included in Whitelisting Threat Data
Feeds?

Clean files

Potentially dangerous (Riskware)

Malicious files

Files of undefined status

All of the above groups may get in the feeds

12. In which format are Threat Data Feeds supplied?

binary

json

stix

csv

openioc

13. How can you receive Threat Data Feeds in OpenIoC format?

Use the KL Feed Utility

Threat Data Feeds are supplied in OpenIoC format by default

Use the kl_feed_filter utility

Add the ?type=openioc parameter to the Threat Data Feeds URL in download_feeds.py

19. For which SIEM systems are customized distributions of Kaspersky CyberTrace
available?

RSA NetWitness

Splunk

MicroFocus ArcSight

McAfee ESM

IBM Security QRadar

LogRhythm

20. How can Kaspersky CyberTrace receive events from external systems?

Using RPC

Using WMI

Using SNMP support

Using Syslog protocol

21. Which software must be installed in Linux-like operating systems for correct operation
of Kaspersky CyberTrace?

more

gcc

unzip

Python 3.5

22. Which data feeds can be loaded to Kaspersky CyberTrace?

Data feeds by Kaspersky Lab

Data feeds by other vendors

Open-source threat intelligence (OSINT) feeds

All of the above

23. The Feed Service component of Kaspersky CyberTrace:

Compiles URL masks

Receives events from sources

Searches the events for indicators from the feeds

Provides a management web interface over HTTPS

24. Which of the following can you use when creating normalization rules for incoming
events in Kaspersky CyberTrace?

Regular expressions

Masks

JavaScript

None of the above

25. By default, Kaspersky CyberTrace web interface is accessible on port:

9999

9998

8080

443
