Hello Friends in this article i am gone to share Fortinet: NSE 2 Information Security Awareness | Threat Information Services Quiz Answers with you..
Course link: NSE 2 Information Security Awareness
Threat Information Services Quiz Answers
Question 1)
Which statement about cyber-attacks is true?
- Sharing intelligence among security vendors is the best way to fight threats.
- There is no secrecy within security vendors and all information is shared.
- It is important that individuals become more aware of and knowledgeable about any attacks.
- As bad actors continue to evolve it is important to invest in expensive security products.
- Security products and threat intelligence services that can act together in real time stand the best chance of stopping these attacks.
Question 2)
Which are three functions of sandboxing? (Choose three.)
- Sandboxing products take a suspect file and places it in an environment where its behaviors can be closely analyzed.
- Sandboxes can send the details to the vendor’s threat intelligence service so that the details can be shared worldwide.
- Sandboxing quarantines suspicious files and immediately flags them as malware.
- Depending on the configuration, the owner of the sandbox can propagate this new knowledge across their network security environment.
- After some time, if nothing malicious is detected in the quarantined files, the sandbox declares them as safe and releases them from quarantine.
Question 3)
In the early days of threat intelligence service, in which three timeframes were vendor updates released? (Choose three.)
- Monthly
- Once a year
- Every week
- Twice a year
- Quarterly
Question 4)
What happens when each known malware file is represented by a one-to-one signature approach?
- Clear my choice
- Malware-as-a-service organizations provide do-it-yourself malware kits as a solution.
- The variations of malware are easily detected thanks to the affordability of malware kits.
- It does not scale well, because the number of malware files increases by millions or more each day.
- The malware count increases daily, however it can be detected early by a one-to-one signature approach.
- There are more vendor organizations that are able to keep up with the increasing number of malware files.
Question 5)
What happened when malware became more sophisticated and able to change its own file content?
- A single type of malware did not multiply and no bad behavior was detected.
- Less sophisticated malware was still able to evade classic signature-based scanning.
- One new type of malware was detected per year, resulting in the growth of the malware family.
- Malware signatures did not change, and it was not able to sneak by older antivirus products.
- A single type of malware became an entire malware family, consisting of perhaps thousands of different files, but each file performing the same bad behaviors.
Question 6)
The threat intelligence service catalogs data about existing or emerging attacks, including the specific mechanisms of the attack, and evidence that the attack has happened.
What is this data also known as?
- Sandboxing
- Machine learning
- Intelligence catalogs
- Artificial intelligence
- Indicators of compromise
Question 7)
Which behavior does a sandbox look for when searching for malware?
- Failed check sum
- Matched signatures
- Behaved abnormally*
- Exploited known software weakness
Question 8)
Which statement best describes an indicator of compromise (IoC)?
- Sources of potential threat actors and their sponsors
- Evidence that a cyberattack has happened or is ongoing*
- A list of network devices that are known to be compromised
- Valuable information about computer systems and the network
Question 9)
Which two organizations are examples of a threat intelligence service that serves the wider security community? (Choose two.)
- NIST
- FortiGuard Labs*
- Malware-as-a-Service
- Cyber Threat Alliance*
Question 10)
What is the sandbox detection method known as?
- Heuristic detection
- Rule-based detection
- Check sum detection
- Signature-based detection
Question 11)
Which method best defeats unknown malware?
- Web filtering
- Sandboxing*
- Signature-based detection
- Predicted malware detection
Question 12)
Which statement best describes polymorphic malware?
- Polymorphic malware is malware that remains unique and unchanging.
- Polymorphic malware is malware that exploits an unknown security weakness in an application or OS
- Polymorphic malware is unsophisticated malware that can evade signature-based scanning.
- Polymorphic malware is a malware family with thousands of variants but behaving the same way.*