312-50V11 · Question #960
Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the securi
The correct answer is A. Technical threat intelligence. Technical threat intelligence consists of machine-readable indicators of compromise (IoCs) such as malicious IPs, URLs, and file hashes that are fed directly into security devices to automate blocking and detection.
Question
Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network. Which type of threat intelligence is used by Roma to secure the internal network?
Options
- ATechnical threat intelligence
- BOperational threat intelligence
- CTactical threat intelligence
- DStrategic threat intelligence
How the community answered
(34 responses)- A94% (32)
- B3% (1)
- D3% (1)
Why each option
Technical threat intelligence consists of machine-readable indicators of compromise (IoCs) such as malicious IPs, URLs, and file hashes that are fed directly into security devices to automate blocking and detection.
Technical threat intelligence is specifically designed to be consumed by security devices in digital, machine-readable formats. It includes IoCs like malicious IP addresses, domain names, URLs, and file hashes that enable automated blocking and identification of inbound and outbound malicious traffic - exactly matching Roma's described activity.
Operational threat intelligence focuses on the specifics of incoming attacks, including actor TTPs and campaigns, and is used to prepare defensive responses rather than to directly feed automated blocking rules into security devices.
Tactical threat intelligence covers adversary tactics, techniques, and procedures (TTPs) to help security teams understand how attacks are carried out, not to provide machine-readable indicators for automated device enforcement.
Strategic threat intelligence provides high-level, non-technical information about threats and trends intended for executive and board-level decision-making, not for direct consumption by security devices.
Concept tested: Technical threat intelligence and IoC-based defense
Source: https://www.cisa.gov/sites/default/files/publications/Traffic_Light_Protocol_White_Paper.pdf
Topics
Community Discussion
No community discussion yet for this question.