nerdexam
EC-Council

312-50V11 · Question #960

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the securi

The correct answer is A. Technical threat intelligence. Technical threat intelligence consists of machine-readable indicators of compromise (IoCs) such as malicious IPs, URLs, and file hashes that are fed directly into security devices to automate blocking and detection.

Information Security and Ethical Hacking Fundamentals

Question

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network. Which type of threat intelligence is used by Roma to secure the internal network?

Options

  • ATechnical threat intelligence
  • BOperational threat intelligence
  • CTactical threat intelligence
  • DStrategic threat intelligence

How the community answered

(34 responses)
  • A
    94% (32)
  • B
    3% (1)
  • D
    3% (1)

Why each option

Technical threat intelligence consists of machine-readable indicators of compromise (IoCs) such as malicious IPs, URLs, and file hashes that are fed directly into security devices to automate blocking and detection.

ATechnical threat intelligenceCorrect

Technical threat intelligence is specifically designed to be consumed by security devices in digital, machine-readable formats. It includes IoCs like malicious IP addresses, domain names, URLs, and file hashes that enable automated blocking and identification of inbound and outbound malicious traffic - exactly matching Roma's described activity.

BOperational threat intelligence

Operational threat intelligence focuses on the specifics of incoming attacks, including actor TTPs and campaigns, and is used to prepare defensive responses rather than to directly feed automated blocking rules into security devices.

CTactical threat intelligence

Tactical threat intelligence covers adversary tactics, techniques, and procedures (TTPs) to help security teams understand how attacks are carried out, not to provide machine-readable indicators for automated device enforcement.

DStrategic threat intelligence

Strategic threat intelligence provides high-level, non-technical information about threats and trends intended for executive and board-level decision-making, not for direct consumption by security devices.

Concept tested: Technical threat intelligence and IoC-based defense

Source: https://www.cisa.gov/sites/default/files/publications/Traffic_Light_Protocol_White_Paper.pdf

Topics

#technical threat intelligence#threat feeds#malicious traffic blocking#network defense

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice