2022 New 312-85 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/312-85/

we provide Top Quality EC-Council 312-85 test preparation which are the best for clearing 312-85 test, and to get certified by EC-Council Certified Threat Intelligence Analyst. The 312-85 Questions & Answers covers all the knowledge points of the real 312-85 exam. Crack your EC-Council 312-85 Exam with latest dumps, guaranteed!

Online 312-85 free questions and answers of New Version:

Joe works as a threat intelligence analyst with Xsecurity Inc. He is assessing the TI program by comparing the project results with the original objectives by reviewing project charter. He is also reviewing the list of expected deliverables to ensure that each of those is delivered to an acceptable level of quality.
Identify the activity that Joe is performing to assess a TI program’s success or failure.

  • A. Determining the fulfillment of stakeholders
  • B. Identifying areas of further improvement
  • C. Determining the costs and benefits associated with the program
  • D. Conducting a gap analysis

Answer: D

Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there are multiple logins from different locations in a short time span. Moreover, he also observed certain irregular log in patterns from locations where the organization does not have business relations. This resembles that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

  • A. Unusual outbound network traffic
  • B. Unexpected patching of systems
  • C. Unusual activity through privileged user account
  • D. Geographical anomalies

Answer: C

Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated into their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?

  • A. Jim should identify the attack at an initial stage by checking the content of the user agent field.
  • B. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.
  • C. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
  • D. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.

Answer: C

Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages:
Stage 1: Build asset-based threat profiles
Stage 2: Identify infrastructure vulnerabilities
Stage 3: Develop security strategy and plans
Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

  • A. TRIKE
  • B. VAST
  • D. DREAD

Answer: C

What is the correct sequence of steps involved in scheduling a threat intelligence program?
* 1. Review the project charter
* 2. Identify all deliverables
* 3. Identify the sequence of activities
* 4. Identify task dependencies
* 5. Develop the final schedule
* 6. Estimate duration of each activity
* 7. Identify and estimate resources for all activities
* 8. Define all activities
* 9. Build a work breakdown structure (WBS)

  • A. 1-->9-->2-->8-->3-->7-->4-->6-->5
  • B. 3-->4-->5-->2-->1-->9-->8-->7-->6
  • C. 1-->2-->3-->4-->5-->6-->9-->8-->7
  • D. 1-->2-->3-->4-->5-->6-->7-->8-->9

Answer: A

During the process of threat intelligence analysis, John, a threat analyst, successfully extracted an indication of adversary’s information, such as Modus operandi, tools, communication channels, and forensics evasion strategies used by adversaries.
Identify the type of threat intelligence analysis is performed by John.

  • A. Operational threat intelligence analysis
  • B. Technical threat intelligence analysis
  • C. Strategic threat intelligence analysis
  • D. Tactical threat intelligence analysis

Answer: D

Jame, a professional hacker, is trying to hack the confidential information of a target organization. He identified the vulnerabilities in the target system and created a tailored deliverable malicious payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of cyber kill chain methodology is Jame executing?

  • A. Reconnaissance
  • B. Installation
  • C. Weaponization
  • D. Exploitation

Answer: C

In which of the following storage architecture is the data stored in a localized system, server, or storage hardware and capable of storing a limited amount of data in its database and locally available for data usage?

  • A. Distributed storage
  • B. Object-based storage
  • C. Centralized storage
  • D. Cloud storage

Answer: B

Karry, a threat analyst at an XYZ organization, is performing threat intelligence analysis. During the data collection phase, he used a data collection method that involves no participants and is purely based on analysis and observation of activities and processes going on within the local boundaries of the organization.
Identify the type data collection method used by the Karry.

  • A. Active data collection
  • B. Passive data collection
  • C. Exploited data collection
  • D. Raw data collection

Answer: B

Mr. Bob, a threat analyst, is performing analysis of competing hypotheses (ACH). He has reached to a stage where he is required to apply his analysis skills effectively to reject as many hypotheses and select the best hypotheses from the identified bunch of hypotheses, and this is done with the help of listed evidence. Then, he prepares a matrix where all the screened hypotheses are placed on the top, and the listed evidence for the hypotheses are placed at the bottom.
What stage of ACH is Bob currently in?

  • A. Diagnostics
  • B. Evidence
  • C. Inconsistency
  • D. Refinement

Answer: A

An analyst wants to disseminate the information effectively so that the consumers can acquire and benefit out of the intelligence.
Which of the following criteria must an analyst consider in order to make the intelligence concise, to the point, accurate, and easily understandable and must consist of a right balance between tables, narrative, numbers, graphics, and multimedia?

  • A. The right time
  • B. The right presentation
  • C. The right order
  • D. The right content

Answer: B

A team of threat intelligence analysts is performing threat analysis on malware, and each of them has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic processes must threat intelligence manager use?

  • A. Threat modelling
  • B. Application decomposition and analysis (ADA)
  • C. Analysis of competing hypotheses (ACH)
  • D. Automated technical analysis

Answer: C

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular community?

  • A. Red
  • B. White
  • C. Green
  • D. Amber

Answer: D

Henry. a threat intelligence analyst at ABC Inc., is working on a threat intelligence program. He was assigned to work on establishing criteria for prioritization of intelligence needs and requirements.
Which of the following considerations must be employed by Henry to prioritize intelligence requirements?

  • A. Understand frequency and impact of a threat
  • B. Understand data reliability
  • C. Develop a collection plan
  • D. Produce actionable data

Answer: A

John, a professional hacker, is trying to perform APT attack on the target organization network. He gains access to a single system of a target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?

  • A. Initial intrusion
  • B. Search and exfiltration
  • C. Expansion
  • D. Persistence

Answer: C


Thanks for reading the newest 312-85 exam dumps! We recommend you to try the PREMIUM Certshared 312-85 dumps in VCE and PDF here: https://www.certshared.com/exam/312-85/ (49 Q&As Dumps)