YaraScanner
Loki
Yara
Threat Lookup
APT Reporting
Security Assessment
3. To interact with Threat Intelligence Portal API, you can use:
Kaspersky CyberTrace
cURL utility
ktl_lookup script
4. Which request types can you send using Threat Intelligence Portal API?
IP
Domain
URL
Hash
5. Which category do Threat Data Feeds pertain to in the Adaptive Security model?
Predict
Detect
Prevent
Respond
6. Which of the following scenarios would benefit most from using Threat Data Feeds?
7. Which security risks do Threat Data Feeds help to mitigate?
Lateral movement
8. Which data are used together with SIEM systems to detect an attack?
Yara rules
Antivirus signatures
IoC
Snort signatures
9. A few computers of ABC Inc. have become a part of a botnet. Which Threat Data Feeds
can help IS officers to detect bots installed on the workstations and associate them with the
botnet?
Botnet C&C
Malicious hash feeds
10. You aim to reduce the load on the mail gateway and improve anti-spam protection. How
can Threat Data Feeds help you?
You can make the mail gateway block spamming IP addresses listed in the feeds
You can make the mail gateway block any addresses that have rating 75 or more according to IP Reputation feeds
You can make the mail gateway block addresses that pertain to the spam category according to IP Reputation feeds
You can make the mail gateway block addresses that pertain to the spam category and have rating 75 or more according to IP Reputation feeds
11. Which of the following file categories CANNOT be included in Whitelisting Threat Data
Feeds?
Clean files
Malicious files
binary
json
stix
csv
openioc
Add the ?type=openioc parameter to the Threat Data Feeds URL in download_feeds.py
19. For which SIEM systems are customized distributions of Kaspersky CyberTrace
available?
RSA NetWitness
Splunk
MicroFocus ArcSight
McAfee ESM
LogRhythm
20. How can Kaspersky CyberTrace receive events from external systems?
Using RPC
Using WMI
21. Which software must be installed in Linux-like operating systems for correct operation
of Kaspersky CyberTrace?
more
gcc
unzip
Python 3.5
24. Which of the following can you use when creating normalization rules for incoming
events in Kaspersky CyberTrace?
Regular expressions
Masks
JavaScript
9999
9998
8080
443