SANS FOR578 / GIAC GCTI Certification Exam Prep LATEST EXAM QUESTIONS AND VERIFIED ANSWERS GRADED A+ | ASSURED SUCCESS
Terms in this set (229)
What is counterintelligence?
The identification, assessment, and neutralisation of adversary intelligence activities.

Which type of memory is the most critical in intel analysis and why?
Working memory as it processes inputs and determines whether to store them for long or short term memory

What is template matching?
Theory that every object is processed by the brain and stored as a template in long term memory

Compare system 1 and 2 thinking
System 1 - intuitive, fast, effective
System 2 - analytical, slow, methodical
https://quizlet.com/989571638/sans-for578-giac-gcti-certification-exam-prep-latest-exam-questions-and-verified-answers-graded-a-assured-success-f… 1/12
1/4/25, 1:32 PM
Which system of thinking requires mental models?
System 1

What is an activity group?
A clustering of intrusions which cover 2 or more phases in the diamond model

What is a key indicator?
An indicator that remains constant across multiple intrusions, uniquely distinguishes a campaign from other campaigns, and aligns to a single category of adversary action.

What is a Collection Management Framework (CMF)?
A CMF is the plan for how you collect data, where you collect it, and what type of data you collect.

What 3 aspects make up a threat?
Intent, Capability, Opportunity

Which level of effort is required to change a domain name according to the pyramid of pain?
Simple

What is the importance of understanding intelligence collection on a technical level?
Ensures analyst understands limitations of their data sources

What is counter intelligence?
The identification, assessment, neutralisation, and exploitation of adversarial entities.

Understanding your organization's vulnerabilities using models and config analysis is what type of threat detection?
Environmental

Which TLP level allows intel to be shared online?
TLP: White