Which term describes threat intelligence that provides information about resources an attacker uses to perform an attack, including command and control channels and tools?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which term describes threat intelligence that provides information about resources an attacker uses to perform an attack, including command and control channels and tools?

Explanation:
Operational threat intelligence describes information about attacker campaigns, the resources they rely on, and how they carry out operations—including the infrastructure they use, command-and-control channels, and the tools at their disposal. This level of detail helps defenders see the practical ways an attacker operates, map real-world campaigns to the infrastructure and toolsets in use, and anticipate where and how new intrusions might occur. Technical threat intelligence, in contrast, focuses more on observable artifacts like indicators of compromise (IOCs) such as hashes, IPs, and domain names that can be used to detect or block known threats, but it doesn’t always capture the broader operational context of how campaigns are executed. Incident handling and response and the eradication phase refer to actions taken during and after an incident, not to the intelligence about attacker resources and operations.

