Kaspersky Threat Intelligence


1. With which of the following utilities can you use Yara rules from APT reports?
- YaraScanner
- Loki
- Yara
- Kaspersky Threat Scanner

2. Which services by Kaspersky Lab provide detailed information on hashes of malicious files, including URLs where the file was detected, and its activities in the system?
- Threat Data Feeds
- Threat Lookup
- APT Reporting
- Security Assessment

3. To interact with the Threat Intelligence Portal API, you can use:
- Kaspersky CyberTrace
- cURL utility
- ktl_lookup script
- Any HTTP client

4. Which request types can you send using the Threat Intelligence Portal API?
- IP
- Domain
- URL
- Hash

5. Which category do Threat Data Feeds pertain to in the Adaptive Security model?
- Predict
- Detect
- Prevent
- Respond

6. Which of the following scenarios would benefit most from using Threat Data Feeds?
- An organization wants to detect APT
- An organization wants to prevent security incidents
- An organization wants to detect targeted attacks
- An organization wants to have an additional protection layer against traditional attacks

7. Which security risks do Threat Data Feeds help to mitigate?
- Guest notebooks that do not meet the internal security policy
- Local privilege escalation
- A server without antivirus protection
- Lateral movement
- Bring Your Own Device

8. Which data are used together with SIEM systems to detect an attack?
- Yara rules
- Antivirus signatures
- IoC
- Snort signatures

9. A few computers of ABC Inc. have become a part of a botnet. Which Threat Data Feeds can help IS officers to detect bots installed on the workstations and associate them with the botnet?
- Botnet C&C
- Malicious hash feeds
- Mobile botnet feeds

10. You aim to reduce the load on the mail gateway and improve anti-spam protection. How can Threat Data Feeds help you?
- You can make the mail gateway block spamming IP addresses listed in the feeds
- You can make the mail gateway block any addresses that have a rating of 75 or more according to IP Reputation feeds
- You can make the mail gateway block addresses that pertain to the spam category according to IP Reputation feeds
- You can make the mail gateway block addresses that pertain to the spam category and have a rating of 75 or more according to IP Reputation feeds

11. Which of the following file categories CANNOT be included in Whitelisting Threat Data Feeds?
- Clean files
- Potentially dangerous (Riskware)
- Malicious files
- Files of undefined status
- All of the above groups may get in the feeds

12. In which format are Threat Data Feeds supplied?
- binary
- json
- stix
- csv
- openioc

13. How do you receive Threat Data Feeds in OpenIoC format?
- Use the KL Feed Utility
- Threat Data Feeds are supplied in OpenIoC format by default
- Use the kl_feed_filter utility
- Add the ?type=openioc parameter to the Threat Data Feeds URL in download_feeds.py

19. For which SIEM systems are customized distributions of Kaspersky CyberTrace available?
- RSA NetWitness
- Splunk
- MicroFocus ArcSight
- McAfee ESM
- IBM Security QRadar
- LogRhythm

20. How can Kaspersky CyberTrace receive events from external systems?
- Using RPC
- Using WMI
- Using SNMP support
- Using Syslog protocol

21. Which software must be installed on Linux-like operating systems for correct operation of Kaspersky CyberTrace?
- more
- gcc
- unzip
- Python 3.5

22. Which data feeds can be loaded into Kaspersky CyberTrace?
- Data feeds by Kaspersky Lab
- Data feeds by other vendors
- Open-source threat intelligence (OSINT) feeds
- All of the above

23. The Feed Service component of Kaspersky CyberTrace:
- Compiles URL masks
- Receives events from sources
- Searches the events for indicators from the feeds
- Provides a management web interface over HTTPS

24. Which of the following can you use when creating normalization rules for incoming events in Kaspersky CyberTrace?
- Regular expressions
- Masks
- JavaScript
- None of the above

25. By default, the Kaspersky CyberTrace web interface is accessible on port:
- 9999
- 9998
- 8080
- 443