100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CTI Midterm 2 $7.99   Add to cart

Exam (elaborations)

CTI Midterm 2

 7 views  0 purchase
  • Course
  • CTI - 2024\\2025
  • Institution
  • CTI - 2024\\2025

Exam of 26 pages for the course CTI - at CTI - (CTI Midterm 2)

Preview 3 out of 26  pages

  • August 24, 2024
  • 26
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CTI - 20242025
  • CTI - 20242025
avatar-seller
CHichii
CTI Midterm 2
-a simple and efficient algorithm for partitional clustering
-runs quickly and handles a variety of datasets well - ANS-K-means

-a stand-alone tool to get insight into data distribution
-a preprocessing step for other algorithms - ANS-typical applications of clustering in CTI
(general)

-all instances for a given node belong to the same class
-there are no remaining attributes for further partitioning
-there are no instances left - ANS-Decision Tree - When to stop partitioning?

-common to be shared via web or email
-not a standardized approach
-threat data structures vary
-threat data sharing protocols vary - ANS-intelligence sharing: malicious IP's

-convey the malware to the target, have launched their operation - ANS-Delivery: Adversary
(description)

-could be shared via web or email
-not a standardized approach
-threat data structures are standardized
-threat data sharing protocols vary - ANS-intelligence sharing: STIX data

-deploying a firewall rule based on abnormal activity on a port
-flagging specific emails as phishing based on its features
-automatically blocking a user account based on abnormal activity - ANS-examples of
automated proactive defenses

-detecting reconnaissance as it happens can be very difficult
-discovering recon (even well after the fact) can reveal the adversaries' intent -
ANS-Reconnaissance: Defender (description)

-detecting your devices exposed on Shodan --> putting them behind a firewall/NAT

-phishing emails being sent out --> notifying employees accordingly

-identifying suspicious user login --> blocking user login attempts

,-malware targeting your systems in forums --> updating anti-virus definitions - ANS-examples of
actionable intelligence

-Determining if an email is malicious or not
-Identifying a phishing website from a real one
-Internal hacker profiling
-Identifying malicious vs. benign network traffic
-Categorizing threat actors in social media - ANS-example applications of classification in CTI

-Determining if email is malicious or not
-Identifying phishing website from real - ANS-which of the following CTI apps can benefit from
classification?

-Determining if email is malicious or not
-Identifying phishing website from real
-Grouping similar types of network events together
-Grouping similar threat actors together in social media

-endpoint instrumentation to detect and log installation activity
-analyze installation phase during malware analysis to create new endpoint mitigations -
ANS-Installation: Defender (description)

-essential phase for defenders to understand
-though they can't detect weaponization as it happens, they can infer it by analyzing malware
artifacts - ANS-Weaponization: Defender (description)

-grouping similar types of network events together
-grouping similar threat actors together in social media
-categorizing similar log files together - ANS-clustering applications in CTI (specific)

-highlights attacker preferences alongside possible alternative paths
-enables better mitigation strategies by mitigating current threats and taking into account
reactions or alternate adversary tactics - ANS-key benefits of an activity-attack graph

-How it works
-How to identify it
-How to eliminate or defeat it - ANS-malware analysis aims to dissect malware to understand:

-huge volume of data, difficult to manually analyze, requires highly efficient computational
analysis

-the concept of an anomaly varies among application domains

-labeled anomalies are not readily available for training/validation

, -may trigger high false alarm rates

-hackers often modify their behaviors to make them similar to normal patterns - ANS-challenges
of anomaly detection

-identify files or registry keys on a victim computer that indicate an infection

-focus on what the malware did to the system, NOT the malware itself - ANS-host-based
signatures

-Intra-cluster distances are minimized
-Inter-cluster distances are maximized - ANS-What is good clustering?

-it is recommended to share within your industry (with partners, suppliers, customers, regulators,
etc)
-ex: if one university has details on attacks on/from another, then sharing that info will improve
the intelligence of both - ANS-intelligence sharing

-leverage collected data for relevant, timely, and actionable threat intelligence AND
provide insight and value out of the data to enhance cybersecurity decision-making - ANS-CTI
analytics aims to _

-malware visualizations
-threat dashboards
-network flow visualizations
-geospatial analytics - ANS-Visualization - example CTI applications

-must exploit a vulnerability to gain access
-'zero day' refers to the exploit code used in just this step - ANS-Exploitation: Adversary
(description)

-Naive Bayes
-Decision Tree
-Random Forest
-K-Nearest Neighbor
-Support Vector Machine
-Artificial Neural Networks - ANS-some of the more classic and state-of-the-art classification
techniques:

-not everyone within an organization needs to know about the threats
-depends on the types of threats detected - ANS-threat dissemination

-not suitable for datasets with differing sizes, densities, or odd shapes

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller CHichii. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $7.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75057 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$7.99
  • (0)
  Add to cart