1. With which of the following utilities can you use Yara rules from APT reports?
Yara
YaraScanner
Loki
2. To interact with Threat Intelligence Portal API, you can use:
Kaspersky CyberTrace
ktl_lookup script
cURL utility
3. Which data about an attack does the APT Reporting service provide?
IoC
PDF report
Yara rules
4. Which of the following services by Kaspersky Lab have an API through which you
can access information?
Kaspersky CyberTrace
Clean files
Malicious files
Respond
Predict
Prevent
Detect
7. How can you receive Threat Data Feeds in OpenIoC format?
Predict
Respond
Detect
Prevent
10. ABC Inc. suffered losses because of a malicious application installed on
employees’ smartphones, which sent SMS messages to premium rate numbers.
Which Threat Data Feeds can help to detect this application?
Lateral movement
12. Which data are used together with SIEM systems to detect an attack?
Antivirus signatures
IoC
Yara rules
Snort signatures
13. What is Yara?
A vulnerability scanner
IoC converter
14. By default, Kaspersky CyberTrace web interface is accessible on port:
443
8080
9998
9999
15. Which software must be installed in Linux-like operating systems for correct
operation of Kaspersky CyberTrace?
more
Python 3.5
gcc
unzip
16. Which of the following components of Kaspersky CyberTrace converts data
feeds from CSV / XML / STIX to JSON?
Feed Utility
Feed Service
Filter
Downloader
17. Which of the following can you use when creating normalization rules for
incoming events in Kaspersky CyberTrace?
Regular expressions
JavaScript
Masks
18. Which data feeds can be loaded to Kaspersky CyberTrace?
McAfee ESM
LogRhythm
MicroFocus ArcSight
RSA NetWitness
Splunk
20. The Feed Service component of Kaspersky CyberTrace:
Security Assessment
APT Reporting
Threat Lookup
6. A few computers of ABC Inc. have become a part of a botnet. Which Threat
Data Feeds can help IS officers to detect bots installed on the workstations and
associate them with the botnet?
Botnet C&C
csv
stix
json
binary
openioc
11. Which Threat Data Feeds can help to check whether some inbound connections
are established from a Tor network?
You are investigating an incident related to theft of confidential information from an
organization’s web servers. There is a suspicion that the C&C channel uses Tor.
Botnet C&C
IP reputation
12. You aim to reduce the load on the mail gateway and improve anti-spam
protection. How can Threat Data Feeds help you?
You can make the mail gateway block addresses that pertain to the spam category
according to IP Reputation feeds
You can make the mail gateway block addresses that pertain to the spam category
and have rating 75 or more according to IP Reputation feeds
You can make the mail gateway block spamming IP addresses listed in the feeds
You can make the mail gateway block any addresses that have rating 75 or more
according to IP Reputation feeds
Downloader
Feed Utility
Feed Service
Filter