COMPLETE QUESTION BANK WITH
VERIFIED ANSWERS AND EXPERT
RATIONALES
⩥ Natural School of Thought. Answer: A school of thought in which the
analyst identifies a pattern in similar data.
⩥ Law Enforcement Agency School of Thought. Answer: A school of
thought in which you generate intelligence based on who did a crime.
Focuses on attribution.
⩥ Intelligence Agency School of Thought. Answer: A school of thought
based on the classic intelligence life cycle and applying requirements.
⩥ Moonlight Maze. Answer: A case study that offers an early look at
CTI tradecraft. Showed the importance of analyzing the larger picture
over a series of intrusions. Artifacts and indicators may prove useful
years after.
⩥ Cyber. Answer: A living system.
⩥ Intelligence. Answer: The collection, processing, and analysis of
information about a competitive entity and its agents, needed by an
organization or group for its security and well-being.
⩥ GEOINT. Answer: Geospatial intelligence collection from satellites.
⩥ MASINT. Answer: Measurement and signature intelligence from
radar signatures, nuclear detonation signatures.
⩥ SIGINT. Answer: Intelligence derived from signal intercepts, such as
cell phone communications or tapping of communications lines.
⩥ Counterintelligence. Answer: The identification, assessment,
neutralization, and exploitation of intelligence activities of adversarial
entities.
⩥ Operation Bodyguard. Answer: A case study showcasing the
complexity involved in counterintelligence. Allies spread disinformation
that D-Day invasions were occurring later than reality and at different
locations than Normandy in order to confuse adversaries.
⩥ Sherman Kent. Answer: Considered the father of intelligence analysis.
Argued that it is important to give information with an assessment, since
leaders do not have the time or expertise to make good decisions on the
data alone.
⩥ Richards J. Heuer Jr. Answer: An intelligence analyst focused on
structuring analysis, analysis types, critical thinking models and
approaches, and overcoming biases that hinder analyst thought
processes.
⩥ Analysis. Answer: A detailed examination of the elements or structure
of something; breaking something down into its constituent parts to
understand its operation.
⩥ Synthesis. Answer: Pulling in data from other sources aside from the
event we are analyzing, including historical information from both the
targeted organization as well as outside entities, and reaching out to
other digital forensics and IR fields such as malware analysis and
forensics.
⩥ Analytical Judgement. Answer: Going beyond the facts to assess what
the information signifies and how it impacts whatever organization they
are supporting. It is made to meet a specific intelligence requirement and
is based off of available data and information while acknowledging the
information gaps and remaining uncertainties.
⩥ Data-Driven Analysis. Answer: A type of analysis driven by
pre-existing or previously developed analytic models and is based on the
assumptions that both the data and the model are accurate and
applicable.