Exam (elaborations)

SANS FOR578.docx

Rating
-
Sold
-
Pages
21
Grade
A+
Uploaded on
25-02-2026
Written in
2025/2026

Exam of 21 pages for the course SANS FOR578 at SANS FOR578 (SANS FOR)

Institution
SANS FOR578
Course
SANS FOR578

Content preview

SANS FOR578 / GIAC GCTI
QUESTIONS AND ANSWERS WITH
VERIFIED SOLUTIONS GRADED A+
CORRECTLY


How can you provide true attribution of a group responsible for an intrusion? - CORRECT ANSWERS -- Generally 2 attribution types such as:
A leak + supporting intrusion analysis

What does the term RTU refer to in the indicator lifecycle? - CORRECT ANSWERS -- Reported To Us - An indicator from a threat feed

What is an ISAO? - CORRECT ANSWERS -- Sharing of intelligence data between PRIVATE parties

What service does a third-party DNS registrant provide to adversaries looking for a domain to host their malware? - CORRECT ANSWERS -- Anonymity

Keep-alive beacons are relevant to which KC phase? - CORRECT ANSWERS -- Phase 6 - C2

An analyst is tasked with querying internet space that does not get indexed by Google; what OSINT tool can he use for the job? - CORRECT ANSWERS -- Recorded Future

What is the main benefit of sharing CTI among peer groups? - CORRECT ANSWERS -- To reduce the effectiveness of adversary operations

Give 3 open source TIPs - CORRECT ANSWERS -- MISP
CRITs
Threat Note (threat_note)

What is a characteristic of passive DNS? - CORRECT ANSWERS -- Provides ability to run queries at past points in time

What can show there is insufficient evidence to form a nation-state attribution hypothesis? - CORRECT ANSWERS -- Categorizing evidence by intent, capability, and opportunity

A team wants to analyze their incidents to find areas where they are having difficulty uncovering intelligence; what would provide the best answer? - CORRECT ANSWERS -- Count of diamond vertices with incident information collected mapped against kill chain phases

What method can be used to discover what occurred in KC phases 3 and 4? - CORRECT ANSWERS -- Timeline analysis

Satellite photography relates to what type of intelligence? - CORRECT ANSWERS -- GEOINT

Network traffic intercepts relate to what type of intelligence? - CORRECT ANSWERS -- SIGINT

A whistleblower leaking documents relates to what type of intelligence? - CORRECT ANSWERS -- HUMINT

Import hashing is a method used to identify what? - CORRECT ANSWERS -- Code Reuse

What format is used for comments in YARA? - CORRECT ANSWERS -- /* */ for multiline
// for single line

What 3 types of strings are there in YARA? - CORRECT ANSWERS -- Text - "example"
Hex - {AA FF DD}
Regular expression

Which TAXII implementation allows subscribers to push and pull data but requires validation first? - CORRECT ANSWERS -- Hub and Spoke

Give 5 intelligence sharing best practices - CORRECT ANSWERS -- Ensure authentication and logging
Include references and appendices
Strip all unneeded data (e.g. PII)
Use recognized standards that make sense for your organization
Interface to share in common standards

What is a mitigation scorecard? - CORRECT ANSWERS -- One way to measure utility of passive and mitigating courses of action.
It maps specific incidents to the capabilities of network defenders, organised by kill chain phase

Which phases of the diamond model are facts? - CORRECT ANSWERS -- Infrastructure
Capability
Victim

A SOC intends to ingest a large number of IOCs through threat feeds; what should they be aware of? - CORRECT ANSWERS -- IOCs require tailoring to avoid false positives

Which word represents a probability of roughly 25%? - CORRECT ANSWERS -- Unlikely

What do metrics provide? - CORRECT ANSWERS -- Opportunity for clear, concise communication of messages

How should analysts structure their analysis to avoid ambiguous writing/thinking? - CORRECT ANSWERS -- Clearly separate facts, observables, and evidence from interpretations and conclusions

Why is strategic threat intel important to executives? - CORRECT ANSWERS -- The reports reveal global threat analyses, trends, and implications for international organizations such as foreign policy or economic considerations

Why might leaks not be trustworthy? - CORRECT ANSWERS -- They may contain false information

When attempting state campaign attribution, what step should be conducted in addition to completing an analysis of competing hypotheses? - CORRECT ANSWERS -- Classify evidence based on the definition of a threat (intent, capability, opportunity)

What is a rule of thumb for a high confidence assessment? - CORRECT ANSWERS -- Intrusions whose distinct indicators align to other intrusions in a campaign in two or more phases of the kill chain are HIGH CONFIDENCE intrusions

What is included in the assessment equation? - CORRECT ANSWERS -- Confidence + assessment + evidence + sources

What should analysts keep in mind when analyzing intent behind intrusions? - CORRECT ANSWERS -- Intent DOES NOT EQUAL impact

When considering operational threat intelligence, national-level government information can be derived from which of the following? - CORRECT ANSWERS -- Criminal Investigations
Public/Private Partnerships
Foreign Intelligence

InfraGard provides what type of intel? - CORRECT ANSWERS -- Operational
