1. With which of the following utilities can you use Yara rules from APT reports?
Yara
YaraScanner
Kaspersky Threat Scanner
Loki
2. To interact with the Threat Intelligence Portal API, you can use:
Any HTTP client
Kaspersky CyberTrace
ktl_lookup script
cURL utility
3. Which data about an attack does the APT Reporting service provide?
IoC
BIND Response Policy Zone
PDF report
Yara rules
4. Which of the following services by Kaspersky Lab have an API through which you
can access information?
Threat Data Feeds
Kaspersky CyberTrace
Threat Intelligence Portal
5. Which of the following file categories CANNOT be included in Whitelisting
Threat Data Feeds?
Clean files
Malicious files
Potentially dangerous (Riskware)
Files of undefined status
All of the above groups may get in the feeds
6. Which category do Threat Data Feeds pertain to in the Adaptive Security
model?
Respond
Predict
Prevent
Detect
7. How can you receive Threat Data Feeds in OpenIoC format?
Add the "?type=openioc" parameter to the Threat Data Feeds URL in
"download_feeds.py"
Use the KL Feed Utility
Use the "kl_feed_filter" utility
Threat Data Feeds are supplied in OpenIoC format by default
8. Which of the following scenarios would benefit most from using Threat Data
Feeds?
An organization wants to have an additional protection layer against traditional
attacks
An organization wants to prevent security incidents
An organization wants to detect targeted attacks
An organization wants to detect APT
9. Which category do APT Reports pertain to in the Adaptive Security model?
Predict
Respond
Detect
Prevent
10. ABC Inc. suffered losses because of a malicious application installed on
employees’ smartphones, which sent SMS messages to premium rate numbers.
Which Threat Data Feeds can help to detect this application?
Botnet C&C feeds
Malicious hash feeds
P-SMS Trojan feeds
Malicious mobile hash feeds
11. Which security risks do Threat Data Feeds help to mitigate?
Bring Your Own Device
Local privilege escalation
A server without antivirus protection
Guest notebooks that do not meet the internal security policy
Lateral movement
12. Which data are used together with SIEM systems to detect an attack?
Antivirus signatures
IoC
Yara rules
Snort signatures
13. What is Yara?
A utility that helps to identify and classify malicious code
A utility that scans for rootkits
A vulnerability scanner
IoC converter
14. By default, the Kaspersky CyberTrace web interface is accessible on port:
443
8080
9998
9999
15. Which software must be installed on Linux-like operating systems for Kaspersky
CyberTrace to operate correctly?
more
Python 3.5
gcc
unzip
16. Which of the following components of Kaspersky CyberTrace converts data
feeds from CSV / XML / STIX to JSON?
Feed Utility
Feed Service
Filter
Downloader
17. Which of the following can you use when creating normalization rules for
incoming events in Kaspersky CyberTrace?
Regular expressions
JavaScript
None of the above
Masks
18. Which data feeds can be loaded to Kaspersky CyberTrace?
Open-source threat intelligence (OSINT) feeds
Data feeds by other vendors
Data feeds by Kaspersky Lab
All of the above
19. For which SIEM systems are customized distributions of Kaspersky
CyberTrace available?
McAfee ESM
IBM Security QRadar
LogRhythm
MicroFocus ArcSight
RSA NetWitness
Splunk
20. The Feed Service component of Kaspersky CyberTrace:
Receives events from sources
Searches the events for indicators from the feeds
Provides a management web interface over HTTPS
Compiles URL masks
Which services by Kaspersky Lab provide detailed information on hashes of
malicious files, including URLs where the file was detected and its activities in the
system?
Threat Data Feeds
Security Assessment
APT Reporting
Threat Lookup
6. A few computers of ABC Inc. have become part of a botnet. Which Threat
Data Feeds can help IS officers detect bots installed on the workstations and
associate them with the botnet?
Mobile botnet feeds
Botnet C&C
Malicious hash feeds
9. In which format are Threat Data Feeds supplied?
CSV
STIX
JSON
binary
OpenIoC
11. You are investigating an incident related to theft of confidential information from an
organization's web servers. There is a suspicion that the C&C channel uses Tor.
Which Threat Data Feeds can help to check whether some inbound connections
are established from a Tor network?
Botnet C&C
Tor exit nodes
Data feeds do not provide this information
IP reputation
12. You aim to reduce the load on the mail gateway and improve anti-spam
protection. How can Threat Data Feeds help you?
You can make the mail gateway block addresses that pertain to the spam category
according to IP Reputation feeds
You can make the mail gateway block addresses that pertain to the spam category
and have rating 75 or more according to IP Reputation feeds
You can make the mail gateway block spamming IP addresses listed in the feeds
You can make the mail gateway block any addresses that have rating 75 or more
according to IP Reputation feeds
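The questions on normalization rules (17), the Feed Service compiling URL masks and searching events for indicators (20), Tor exit node feeds (11) and the IP Reputation rating threshold (12) all describe one pipeline: extract indicators from raw events with regular expressions, then look them up in feeds. The following Python script is an added illustration written for this page; it is not Kaspersky CyberTrace code. The feed records (ip/category/rating, url mask/threat), the log line formats and the 75 threshold default are constructed assumptions for the example, not the real Threat Data Feeds schema.

```python
"""Constructed example: regex normalization of events plus feed lookups.

Added to this page for illustration; not Kaspersky CyberTrace code. The feed
schemas and sample log lines below are assumptions made up for the example.
"""
import re
from typing import Dict, List, Optional

# --- constructed feeds (hypothetical schema, not the real feed layout) -------
IP_REPUTATION_FEED = [
    {"ip": "203.0.113.10", "category": "spam", "rating": 90},
    {"ip": "203.0.113.11", "category": "spam", "rating": 40},
    {"ip": "198.51.100.7", "category": "malware", "rating": 95},
]
TOR_EXIT_NODES_FEED = ["192.0.2.77", "192.0.2.78"]
MALICIOUS_URL_FEED = [
    {"mask": "*.bad-example.test/*", "threat": "phishing"},
    {"mask": "cdn.evil.example/payload.bin", "threat": "malware"},
]

IP_REPUTATION_INDEX = {r["ip"]: r for r in IP_REPUTATION_FEED}
TOR_EXIT_NODES = set(TOR_EXIT_NODES_FEED)


def compile_url_mask(mask: str) -> "re.Pattern[str]":
    """Compile a URL mask into an anchored regex: '*' matches any run of
    characters, everything else is literal. Scheme is stripped before matching."""
    return re.compile("^" + ".*".join(re.escape(p) for p in mask.split("*")) + "$")


COMPILED_URL_MASKS = [(compile_url_mask(r["mask"]), r["threat"]) for r in MALICIOUS_URL_FEED]

# --- normalization rules: (source name, regex with named capture groups) -----
NORMALIZATION_RULES = [
    ("postfix", re.compile(r"connect from \S+\[(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})\]")),
    ("firewall", re.compile(r"src=(?P<src_ip>[\d.]+) dst=(?P<dst_ip>[\d.]+)")),
    ("squid", re.compile(r"TCP_\w+/\d+ \d+ GET (?P<url>\S+) ")),
]


def normalize(line: str) -> Optional[Dict[str, str]]:
    """Apply the first rule whose regex matches; return extracted fields or None."""
    for source, rx in NORMALIZATION_RULES:
        m = rx.search(line)
        if m:
            fields = {k: v for k, v in m.groupdict().items() if v}
            fields["source"] = source
            return fields
    return None


def ip_reputation_hit(ip: str, category: str = "spam", threshold: int = 75) -> Optional[dict]:
    """Return the feed record if ip is in `category` with rating >= threshold."""
    rec = IP_REPUTATION_INDEX.get(ip)
    if rec and rec["category"] == category and rec["rating"] >= threshold:
        return rec
    return None


def url_hit(url: str) -> Optional[str]:
    """Return the threat name of the first URL mask matching the URL, else None."""
    bare = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.IGNORECASE)
    for rx, threat in COMPILED_URL_MASKS:
        if rx.match(bare):
            return threat
    return None


def scan(lines: List[str], spam_threshold: int = 75) -> List[dict]:
    """Normalize each event and look its indicators up in the feeds."""
    detections = []
    for line in lines:
        fields = normalize(line)
        if not fields:
            continue
        src = fields["source"]
        for key in ("src_ip", "dst_ip"):
            ip = fields.get(key)
            if not ip:
                continue
            if ip in TOR_EXIT_NODES:
                detections.append({"source": src, "field": key, "indicator": ip, "feed": "tor_exit_nodes"})
            rec = ip_reputation_hit(ip, "spam", spam_threshold)
            if rec:
                detections.append({"source": src, "field": key, "indicator": ip,
                                   "feed": "ip_reputation", "detail": f"spam/{rec['rating']}"})
        url = fields.get("url")
        if url:
            threat = url_hit(url)
            if threat:
                detections.append({"source": src, "field": "url", "indicator": url,
                                   "feed": "malicious_url", "detail": threat})
    return detections


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    "Mar  3 10:01:02 mx1 postfix/smtpd[1234]: connect from unknown[203.0.113.10]",
    "Mar  3 10:01:05 mx1 postfix/smtpd[1234]: connect from unknown[203.0.113.11]",
    "1709460000.123    120 10.0.0.5 TCP_MISS/200 512 GET http://login.bad-example.test/verify?x=1 - HIER_DIRECT/203.0.113.50 text/html",
    "kernel: IN=eth0 src=192.0.2.77 dst=10.0.0.8 PROTO=TCP",
    "kernel: IN=eth0 src=10.0.0.9 dst=10.0.0.8 PROTO=TCP",
    "some unrelated line",
]

if __name__ == "__main__":
    for d in scan(SAMPLE_EVENTS):
        print(d)
```

Running the script reports three detections: the spam sender rated 90 (the one rated 40 stays below the threshold), the phishing URL matched through the compiled mask, and the inbound connection from a Tor exit node. Rule order matters: the first regex that matches wins, so put the most specific source patterns first.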
14. How can Kaspersky CyberTrace send events to external systems?
Using a connection to an SQL-like database
Using SNMP support
Using REST API
Using Syslog protocol