1. Which service is provided by the Cisco Talos Group?
- A. Scanning updates for malware code
- B. Collecting information about active, existing, and emerging threats
- C. Preventing online malware from affecting end user devices
- D. Preventing viruses from affecting end user devices
The Cisco Talos group collects information about active, existing, and emerging threats which can be used by Cisco Security products in real time to provide fast and effective security solutions.
2. What does the MITRE Corporation create and maintain?
- A. STIX
- B. CVE
- C. TAXII
- D. IOC
The MITRE Corporation creates and maintains a catalog of known security threats called Common Vulnerabilities and Exposures (CVE). The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.
3. What is the primary function of (ISC)²?
- A. To maintain a detailed list of all zero-day attacks
- B. To maintain a list of common vulnerabilities and exposures (CVE) used by prominent security organizations
- C. To provide vendor neutral education products and career services
- D. To provide a weekly digest of news articles about computer security
International Information Systems Security Certification Consortium (ISC)² is a network security organization that provides vendor neutral education products and career services.
4. Which threat intelligence sharing open standard specifies, captures, characterizes, and communicates events and properties of network operations?
- A. MISP
- B. Talos
- C. CybOX
- D. TAXII
Structured Threat Information Expression (STIX) is a set of specifications for exchanging cyberthreat information between organizations. Cyber Observable Expression (CybOX) is a set of standardized schema that specifies, captures, characterizes, and communicates events and properties of network operations and that supports many cybersecurity functions. Trusted Automated Exchange of Indicator Information (TAXII) is a specification for an application layer protocol that allows the communication of CTI over HTTPS and is designed to support STIX.
5. What is the Common Vulnerabilities and Exposures (CVE) used by the MITRE Corporation?
- A. It is a dictionary of CVE Identifiers for publicly known cyber security vulnerabilities.
- B. It is a database of virus signatures.
- C. It is a database of malware signatures.
- D. It is a list of response mechanisms to known threats.
The MITRE Corporation creates and maintains a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities known as Common Vulnerabilities and Exposures (CVE).
6. Which service is offered by the U.S. Department of Homeland Security (DHS) that enables real-time exchange of cyberthreat indicators between the U.S. Federal Government and the private sector?
- A. STIX
- B. CVE
- C. AIS
- D. FireEye
The U.S. Department of Homeland Security (DHS) offers a free service called Automated Indicator Sharing (AIS) which enables the real-time exchange of cyberthreat indicators (e.g., malicious IP addresses, the sender address of a phishing email, etc.) between the U.S. Federal Government and the private sector.
7. What is the primary function of SANS?
- A. To maintain the Internet Storm Center
- B. To maintain the list of common vulnerabilities and exposures (CVE)
- C. To provide vendor neutral education products and career services
- D. To foster cooperation and coordination in information sharing, incident prevention, and rapid reaction
One of the primary functions of the SysAdmin, Audit, Network, Security (SANS) Institute is the maintenance of the Internet Storm Center early warning system.
8. Why do several network organizations, professionals, and intelligence agencies use shared open standards for threat intelligence?
- A. To ensure real-time synchronization of all antivirus signature databases
- B. To enable exchange of all response mechanisms to new threats
- C. To update all vulnerabilities databases across all malware vendors
- D. To enable the exchange of CTI in an automated, consistent, and machine readable format
Several network organizations, professionals, and intelligence agencies use shared open standards to enable the exchange of cyber threat intelligence (CTI) in an automated, consistent, and machine readable format.
9. What is the primary purpose of the Forum of Incident Response and Security Teams (FIRST)?
- A. To provide a security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities
- B. To enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction strategies
- C. To provide vendor neutral education products and career services to industry professionals worldwide
- D. To offer 24x7 cyberthreat warnings and advisories, vulnerability identification, and mitigation and incident response
The primary purpose of the Forum of Incident Response and Security Teams (FIRST) is to enable a variety of computer security incident response teams to collaborate, cooperate, and coordinate information sharing, incident prevention, and rapid reaction between the teams.
10. What threat intelligence group provides blogs and podcasts to help network security professionals remain effective and up-to-date?
- A. CybOX
- B. Talos
- C. FireEye
- D. Mitre
The Cisco Talos Group provides blogs and podcasts on security-related topics from a number of industry experts. These blogs and podcasts provide advice, research, and recommended mitigation techniques.