GIAC Cyber Threat Intelligence (GCTI)
Exam Questions and Answers Latest
Versions Top Rated A+
Question>> 1
What are the 3 stages of the indicator lifecycle?
Correct Answer>>
Revealed, Mature, Utilized
Question>> 2
Which term describes the individual pieces of information an analyst
should highlight on the final Diamond Model for intrusion analysis?
Correct Answer>>
Key indicators
Question>> 3
How can intel teams prevent bias?
Correct Answer>>
Use of Structured Analytic Techniques (SATs)
Inclusion of diversity
Question>> 4
Understanding your organization's vulnerabilities using models and
config analysis is what type of threat detection?
Correct Answer>>
Environmental
Question>> 5
Which of the following information can be determined from NetFlow
data?
Hostnames from DNS requests
Volume of data transfers
TLS certificate expiry dates
Contents of unencrypted connections
Correct Answer>>
Volume of data transfers
Question>> 6
What is the main advantage of passive DNS for a CTI analyst?
Correct Answer>>
Passive DNS is the collection of DNS domain query responses. These can
be analyzed to aid in correlation of IPs and domains.
Question>> 7
What is YARA?
Correct Answer>>
A pattern-matching tool used to identify patterns in data and create
signatures
Question>> 8
Which of the following is a core responsibility of operational staff for
ensuring an effective threat intelligence program?
Information sharing
Vulnerability prioritization
Data encryption
Secure code development
Correct Answer>>
Information sharing
Question>> 9
Which organization provides a free ASN lookup service?
Correct Answer>>
Team Cymru
Question>> 10
What might be included in a style guide?
Correct Answer>>
Team Structure
Accepted Lexicon
Words, actions, phrases not to do/say
Sample structured analytical techniques
Sample intel requirements
Key processes
Question>> 11
When looking at a Maltego window, how can you determine which
columns are entities and which are links?
Correct Answer>>
Column headers contain an icon and a second name to show what the
entity has been mapped to; links between these have no icon or
mapping.
Question>> 12
A CTI analyst comes to an early conclusion based on a single piece of
evidence and rejects any evidence that does not support the initial
hypothesis. What cognitive bias is this?
Correct Answer>>