EC-Council 312-85 Free Practice Questions

NEW QUESTION 1
Alison, an analyst in an XYZ organization, wants to retrieve information about a company’s website from the time of its inception as well as the removed information from the target website.
What should Alison do to get the information he needs.

• A. Alison should use SmartWhois to extract the required website information.
• B. Alison should use https://archive.org to extract the required website information.
• C. Alison should run the Web Data Extractor tool to extract the required website information.
• D. Alison should recover cached pages of the website from the Google search engine cache to extract the required website information.

Answer: C

NEW QUESTION 2
Alice, a threat intelligence analyst at HiTech Cyber Solutions, wants to gather information for identifying emerging threats to the organization and implement essential techniques to prevent their systems and networks from such attacks. Alice is searching for online sources to obtain information such as the method used to launch an attack, and techniques and tools used to perform an attack and the procedures followed for covering the tracks after an attack.
Which of the following online sources should Alice use to gather such information?

• A. Financial services
• B. Social network settings
• C. Hacking forums
• D. Job sites

Answer: C

NEW QUESTION 3
Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social security numbers, personally identifiable information (PII) of an employee, and credit card information. After obtaining confidential data, he further sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor.

• A. Industrial spies
• B. State-sponsored hackers
• C. Insider threat
• D. Organized hackers

Answer: D

NEW QUESTION 4
A team of threat intelligence analysts is performing threat analysis on malware, and each of them has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic processes must threat intelligence manager use?

• A. Threat modelling
• B. Application decomposition and analysis (ADA)
• C. Analysis of competing hypotheses (ACH)
• D. Automated technical analysis

Answer: C

NEW QUESTION 5
What is the correct sequence of steps involved in scheduling a threat intelligence program?
* 1. Review the project charter
* 2. Identify all deliverables
* 3. Identify the sequence of activities
* 4. Identify task dependencies
* 5. Develop the final schedule
* 6. Estimate duration of each activity
* 7. Identify and estimate resources for all activities
* 8. Define all activities
* 9. Build a work breakdown structure (WBS)

• A. 1-->9-->2-->8-->3-->7-->4-->6-->5
• B. 3-->4-->5-->2-->1-->9-->8-->7-->6
• C. 1-->2-->3-->4-->5-->6-->9-->8-->7
• D. 1-->2-->3-->4-->5-->6-->7-->8-->9

Answer: A

NEW QUESTION 6
Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence. Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom.
What stage of ACH is Bob currently in?

• A. Diagnostics
• B. Evidence
• C. Inconsistency
• D. Refinement

Answer: A

NEW QUESTION 7
Sarah is a security operations center (SOC) analyst working at JW Williams and Sons organization based in Chicago. As a part of security operations, she contacts information providers (sharing partners) for gathering information such as collections of validated and prioritized threat indicators along with a detailed technical analysis of malware samples, botnets, DDoS attack methods, and various other malicious tools. She further used the collected information at the tactical and operational levels.
Sarah obtained the required information from which of the following types of sharing partner?

• A. Providers of threat data feeds
• B. Providers of threat indicators
• C. Providers of comprehensive cyber-threat intelligence
• D. Providers of threat actors

Answer: C

NEW QUESTION 8
Karry, a threat analyst at an XYZ organization, is performing threat intelligence analysis. During the data collection phase, he used a data collection method that involves no participants and is purely based on analysis and observation of activities and processes going on within the local boundaries of the organization.
Identify the type data collection method used by the Karry.

• A. Active data collection
• B. Passive data collection
• C. Exploited data collection
• D. Raw data collection

Answer: B

NEW QUESTION 9
Which of the following types of threat attribution deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target?

• A. Nation-state attribution
• B. True attribution
• C. Campaign attribution
• D. Intrusion-set attribution

Answer: B

NEW QUESTION 10
Walter and Sons Company has faced major cyber attacks and lost confidential data. The company has decided to concentrate more on the security rather than other resources. Therefore, they hired Alice, a threat analyst, to perform data analysis. Alice was asked to perform qualitative data analysis to extract useful information from collected bulk data.
Which of the following techniques will help Alice to perform qualitative data analysis?

• A. Regression analysis, variance analysis, and so on
• B. Numerical calculations, statistical modeling, measurement, research, and so on.
• C. Brainstorming, interviewing, SWOT analysis, Delphi technique, and so on
• D. Finding links between data and discover threat-related information

Answer: C

NEW QUESTION 11
During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary’s information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.

• A. Operational threat intelligence analysis
• B. Technical threat intelligence analysis
• C. Strategic threat intelligence analysis
• D. Tactical threat intelligence analysis

Answer: D

NEW QUESTION 12
Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-threat intelligence analysis. After obtaining information regarding threats, he has started analyzing the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?

• A. Unknown unknowns
• B. Unknowns unknown
• C. Known unknowns
• D. Known knowns

Answer: C

NEW QUESTION 13
Tracy works as a CISO in a large multinational company. She consumes threat intelligence to understand the changing trends of cyber security. She requires intelligence to understand the current business trends and make appropriate decisions regarding new technologies, security budget, improvement of processes, and staff. The intelligence helps her in minimizing business risks and protecting the new technology and business initiatives.
Identify the type of threat intelligence consumer is Tracy.

• A. Tactical users
• B. Strategic users
• C. Operational users
• D. Technical users

Answer: B

NEW QUESTION 14
In which of the following forms of bulk data collection are large amounts of data first collected from multiple sources in multiple formats and then processed to achieve threat intelligence?

• A. Structured form
• B. Hybrid form
• C. Production form
• D. Unstructured form

Answer: D

NEW QUESTION 15
John, a professional hacker, is trying to perform APT attack on the target organization network. He gains access to a single system of a target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?

• A. Initial intrusion
• B. Search and exfiltration
• C. Expansion
• D. Persistence

Answer: C

NEW QUESTION 16
......