COURSE 6 – CYBER THREAT INTELLIGENCE

Module 1: Threat Intelligence

IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – Threat Intelligence

Welcome to the module dedicated to exploring various threat intelligence resources. Throughout this module, you will delve into a diverse array of tools and platforms designed to enhance your understanding of cybersecurity threats.

By investigating these resources, you will gain valuable insights into the ever-evolving landscape of digital security, empowering you to develop proactive strategies to safeguard against potential risks and vulnerabilities. Get ready to broaden your knowledge and sharpen your defenses as we navigate through the realm of threat intelligence together.

Learning Objectives

  • Explain the importance of improving security effectiveness
  • Identify the three pillars of effective threat detection
  • Define security intelligence
  • List best practices for intelligent detection of threats
  • Explain how to use various cyberthreat frameworks
  • Describe various threat intelligence platforms and resources
  • List key publications to review for insights into strategic threat intelligence plans
  • Describe each step in the threat intelligence strategy map
  • Identify threat intelligence external sources
  • List the various costs of a cybersecurity breach
  • Describe cybersecurity trends, drivers, and threats

THREAT INTELLIGENCE AND CYBERSECURITY KNOWLEDGE CHECK

1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)

  • New security and privacy laws that went into effect in 2019
  • Human error accounting for the majority of security breaches (CORRECT)
  • The number of breached records in 2019 more than 3 times that of 2018 (CORRECT)
  • IoT device attacks moving from targeting consumer electronics to targeting enterprise devices (CORRECT)


2. What was the average cost of a data breach in 2019 in US dollars?

  • $262K
  • $3.92M (CORRECT)
  • $42.7M
  • $237M

3. What was the average size of a data breach in 2019?

  • 5,270 records
  • 25,575 records (CORRECT)
  • 362,525 records
  • 1,221,750 records
  • 100,535,220 records

4. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as gathering data from internal, external, technical, and human sources?

  • Collect (CORRECT)
  • Process
  • Analyze
  • Share

5. CrowdStrike organizes threat intelligence into which three (3) areas? (Select 3)

  • Tactical (CORRECT)
  • Control
  • Strategic (CORRECT)
  • Operational (CORRECT)


6. According to the CrowdStrike model, endpoints, SIEMs, and firewalls belong in which intelligence area?

  • Control
  • Strategic
  • Operational
  • Tactical (CORRECT)

7. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)

  • DarkReading (CORRECT)
  • BleepingComputer (CORRECT)
  • Journal of the American Association of Cybersecurity Professionals
  • Trend Micro (CORRECT)


8. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)

  • Recorded Future (CORRECT)
  • FireEye (CORRECT)
  • MS RapidDeploy
  • IBM Resilient


THREAT INTELLIGENCE FRAMEWORK KNOWLEDGE CHECK

1. True or False. The average enterprise has 85 different security tools from 45 vendors.

  • True (CORRECT)
  • False

2. Which threat intelligence framework can be described as a system that is effective if there are only 2 players and the adversary is motivated by socioeconomic or sociopolitical payoffs?

  • MITRE ATT&CK Knowledge Base
  • Diamond Model of Intrusion Analysis (CORRECT)
  • Cyber Threat Framework
  • Lockheed Martin Cyber Kill Chain

3. True or False. An organization’s security immune system should not be considered fully integrated until it is integrated with the extended partner ecosystem.

  • True (CORRECT)
  • False

4. Which term can be defined as “The real-time collection, normalization, and analysis of the data generated by users, applications, and infrastructure that impacts the IT security and risk posture of an enterprise”?

  • Security Intelligence (CORRECT)
  • Cybersecurity
  • Security Analytics
  • Threat Intelligence

5. What are the three (3) pillars of effective threat detection? (Select 3)

  • Automate intelligence (CORRECT)
  • Analyze everything
  • See everything (CORRECT)
  • Become proactive


6. True or False. According to FireEye Mandiant’s Security Effectiveness Report 2020, organizations have an average of 50-70 security tools in their IT environments.

  • True (CORRECT)
  • False

THREAT INTELLIGENCE GRADED ASSESSMENT

1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)

  • A significant skills gap exists, with more new cybersecurity professionals needed than the total number currently working in this field (CORRECT)
  • New security and privacy laws that went into effect in 2019
  • IoT device attacks moving from targeting consumer electronics to targeting enterprise devices (CORRECT)
  • Factors such as cloud migration and IT complexity act as cost multipliers making new breaches increasingly expensive (CORRECT)


2. What was the average time to identify and contain a breach in 2019?

  • 12 hours
  • 7 days
  • 46 days
  • 279 days (CORRECT)

3. Which industry had the highest average cost per breach in 2019, at $6.45M?

  • Manufacturing
  • Finance
  • Government
  • Healthcare (CORRECT)
  • Technology
  • Retail

4. Breaches caused by which source resulted in the highest cost per incident in 2019?

  • Employee or contractor negligence
  • Credentials theft (CORRECT)
  • Criminal insider
  • Politically motivated hacktivists

5. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as normalizing, correlating, confirming, and enriching the data?

  • Collect
  • Process (CORRECT)
  • Analyze
  • Share

6. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as investigate, contain, remediate, and prioritize?

  • Collect
  • Process
  • Analyze (CORRECT)
  • Share

7. According to the CrowdStrike model, threat hunters, vulnerability management, and incident response belong in which intelligence area?

  • Operational (CORRECT)
  • Control
  • Tactical
  • Strategic

8. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)

  • Krebs on Security (CORRECT)
  • InfoSecurity Magazine (CORRECT)
  • Der CyberSpiegel
  • X-Force Exchange (CORRECT)


9. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)

  • AVG Ultimate
  • BigFix
  • IBM X-Force Exchange (CORRECT)
  • TruSTAR (CORRECT)


10. Which threat intelligence framework is divided into 3 levels, where level 1 is getting to know your adversaries, level 2 involves mapping intelligence yourself, and level 3 is where you map more information and use that to plan your defense?

  • Lockheed Martin Cyber Kill Chain
  • Diamond Model of Intrusion Analysis
  • Cyber Threat Framework
  • MITRE ATT&CK Knowledge Base (CORRECT)

11. True or False. An organization’s security immune system should be isolated from outside organizations, including vendors and other third parties, to keep it from being compromised.

  • True
  • False (CORRECT)

12. Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are pre-exploit activities? (Select 2)

  • Prioritize vulnerabilities to optimize remediation processes and close critical exposures (CORRECT)
  • Detect deviations from the norm that indicate early warnings of APTs (CORRECT)
  • Gather full situational awareness through advanced security analytics
  • Perform forensic investigation

13. True or False. According to FireEye Mandiant’s Security Effectiveness Report 2020, more than 50% of successful attacks are able to infiltrate without detection.

  • True (CORRECT)
  • False

CONCLUSION – Threat Intelligence

In conclusion, this module has provided a comprehensive overview of various threat intelligence resources, equipping you with the knowledge and tools necessary to navigate the complex landscape of cybersecurity threats. By exploring these resources, you have gained valuable insights into identifying, analyzing, and mitigating potential risks to your organization’s digital assets.

As you continue your journey in the field of cybersecurity, remember to stay vigilant, adapt to emerging threats, and leverage the insights gained from this module to fortify your defenses against evolving cyber risks. With a proactive approach and a solid understanding of threat intelligence resources, you are better equipped to protect your organization’s data and assets in an increasingly interconnected world.