Download Certified Threat Intelligence Analyst.312-85.ExamTopics.2025-05-31.64q.vcex

Vendor: ECCouncil
Exam Code: 312-85
Exam Name: Certified Threat Intelligence Analyst
Date: May 31, 2025
File Size: 42 KB

Demo Questions

Question 1
Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He performs hacking to obtain confidential data such as social security numbers, personally identifiable information (PII) of an employee, and credit card information. After obtaining confidential data, he further sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor?
  A. Industrial spies
  B. State-sponsored hackers
  C. Insider threat
  D. Organized hackers
Correct answer: D
Question 2
John, a professional hacker, is trying to perform an APT attack on the target organization's network. He gains access to a single system of the target organization and tries to obtain administrative login credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?
  A. Initial intrusion
  B. Search and exfiltration
  C. Expansion
  D. Persistence
Correct answer: C
Question 3
Jim works as a security analyst in a large multinational company. Recently, a group of hackers penetrated their organizational network and used a data staging technique to collect sensitive data. They collected all sorts of sensitive data about the employees and customers, business tactics of the organization, financial information, network infrastructure information, and so on.
What should Jim do to detect the data staging before the hackers exfiltrate the data from the network?
  A. Jim should identify the attack at an initial stage by checking the content of the user agent field.
  B. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.
  C. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
  D. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.
Correct answer: C
Question 4
Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a threat analyst working in Andrews and Sons Corp., has asked to follow a trust model necessary to establish trust between sharing partners. In the trust model used by him, the first organization makes use of a body of evidence in a second organization, and the level of trust between the two organizations depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?
  A. Mediated trust
  B. Mandated trust
  C. Direct historical trust
  D. Validated trust
Correct answer: D
Question 5
A threat analyst obtains intelligence related to a threat, where the data is sent in the form of a connection request from a remote host to the server. From this data, he obtains only the IP address of the source and destination but no contextual information. While processing this data, he obtains contextual information stating that multiple connection requests from different geo-locations are received by the server within a short time span, and as a result, the server is stressed and its performance has gradually reduced. He further performs analysis on the information based on past and present experience and concludes which attack the client organization has experienced.
Which of the following attacks is performed on the client organization?
  A. DHCP attacks
  B. MAC spoofing attack
  C. Distributed Denial-of-Service (DDoS) attack
  D. Bandwidth attack
Correct answer: C
Question 6
Jame, a professional hacker, is trying to hack the confidential information of a target organization. He identified the vulnerabilities in the target system and created a tailored deliverable malicious payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of cyber kill chain methodology is Jame executing?
  A. Reconnaissance
  B. Installation
  C. Weaponization
  D. Exploitation
Correct answer: C
Question 7
Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he came to know that there were multiple logins from different locations in a short time span. Moreover, he also observed certain irregular login patterns from locations where the organization does not have business relations. This suggests that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?
  A. Unusual outbound network traffic
  B. Unexpected patching of systems
  C. Unusual activity through privileged user account
  D. Geographical anomalies
Correct answer: D
Question 8
Which of the following characteristics of APT refers to numerous attempts made by the attacker to gain entry to the target's network?
  A. Risk tolerance
  B. Timeliness
  C. Attack origination points
  D. Multiphased
Correct answer: C
Question 9
Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages:
Stage 1: Build asset-based threat profiles
Stage 2: Identify infrastructure vulnerabilities
Stage 3: Develop security strategy and plans
Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?
  A. TRIKE
  B. VAST
  C. OCTAVE
  D. DREAD
Correct answer: C
Question 10
Which of the following types of threat attribution deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target?
  A. Nation-state attribution
  B. True attribution
  C. Campaign attribution
  D. Intrusion-set attribution
Correct answer: B
Question 11
In a team of threat analysts, two individuals were competing over projecting their own hypotheses on a given malware. However, to find logical proofs to confirm their hypotheses, the threat intelligence manager used a de-biasing strategy that involves learning strategic decision making in circumstances comprising multistep interactions with numerous representatives, with or without any perfect relevant information.
Which of the following de-biasing strategies did the threat intelligence manager use to confirm their hypotheses?
  A. Game theory
  B. Machine learning
  C. Decision theory
  D. Cognitive psychology
Correct answer: A