Cyber Threat Intelligence Quiz
Test your knowledge of Cyber Threat Intelligence concepts, ethics, and best practices.
Why is it important to conduct a post-project review after an intelligence-led security engagement?
A) To critique team members' individual performance publicly
B) To ensure compliance with international threat intelligence sharing regulations
C) To assess successes, failures, and areas of improvement for future engagements
D) To identify and blacklist employees who did not contribute
Under the UK Computer Misuse Act (1990), which of the following actions would be considered illegal?
A) Conducting open-source intelligence (OSINT) research on a threat actor
B) Accessing a system without permission, even if no damage is caused
C) Using threat intelligence feeds to block malicious domains
D) Sharing an open-source malware analysis report
Which of the following is a key requirement under the EU GDPR that affects cyber threat intelligence collection?
A) Organizations must immediately delete all collected intelligence after 30 days
B) Data subjects have the right to request removal of personal information
C) Threat intelligence analysts must be certified under GDPR regulations
D) Any company handling cyber threats must report all findings to the government
A threat intelligence team wants to monitor a criminal dark web forum where stolen credentials are being traded. Which legal consideration is the most important?
A) Whether participation in the forum could be considered unauthorized access
B) Whether the threat actors approve of intelligence gathering activities
C) Ensuring that all collected intelligence is shared publicly
D) Making sure analysts do not use anonymization tools like Tor
The CREST Code of Conduct emphasizes which ethical obligation for threat intelligence professionals?
A) Prioritizing client interests over legal compliance
B) Conducting activities lawfully and responsibly
C) Selling zero-day vulnerabilities to government agencies
D) Engaging in offensive hacking when required
Your team discovers a serious vulnerability in a widely used open-source software during a security engagement. What is the most ethical way to handle this discovery?
A) Disclose it responsibly to the software maintainers to allow for a patch before public disclosure
B) Sell the vulnerability to the highest bidder on an exploit market
C) Immediately publish the details online without informing the developers
D) Use it to gain unauthorized access to organizations using the software
What is the primary goal of Advanced Persistent Threat (APT) groups?
A) Conducting short-term, opportunistic cybercrime for profit
B) Executing long-term cyber espionage, data theft, or sabotage
C) Testing security defenses in a lawful manner
D) Conducting ethical hacking engagements for governments
What is an example of a watering hole attack?
A) Hackers send a fake invoice email with malware to a CFO
B) Attackers compromise a website frequently visited by their target and inject malware
C) An attacker brute-forces an administrator password
D) A cybercriminal steals credentials via a phishing site
How does DNS tunneling allow attackers to bypass security controls?
A) It uses DNS queries to encode and transmit malicious data without detection
B) It exploits weaknesses in SSL/TLS encryption
C) It takes advantage of buffer overflow vulnerabilities in firewalls
D) It tricks users into disabling endpoint protection
A ransomware variant encrypts files using a hybrid cryptographic approach. What does this mean?
A) It uses symmetric encryption to lock files and asymmetric encryption to protect the decryption key
B) It relies only on AES-256 encryption
C) It encrypts data but does not require a decryption key
D) It uses outdated hashing algorithms to modify file extensions
Why is it difficult to attribute nation-state cyber attacks with high confidence?
A) Nation-state actors use false flags, proxies, and sophisticated tradecraft
B) Cybercriminals always claim responsibility for their attacks
C) Nation-states do not have advanced cyber capabilities
D) Attribution does not require technical evidence
What is the most important factor when prioritizing intelligence requirements for an organization?
A) The potential impact of the threats on business operations
B) The number of alerts generated by security tools
C) The availability of automated threat intelligence feeds
D) The complexity of the cyber kill chain stages
Why is stakeholder communication crucial in intelligence-led engagements?
A) To ensure intelligence findings align with decision-makers' needs
B) To inform security teams of operational budgets
C) To reduce the number of incident response actions
D) To ensure all reports contain technical jargon
A cybersecurity analyst discovers a database of stolen credentials online. What is the most legally sound course of action?
A) Report the discovery to the affected organization and authorities
B) Download and analyze the data to assess its impact
C) Publicly release the data to raise awareness
D) Attempt to log in using the credentials to verify their validity
Under the UK Regulation of Investigatory Powers Act (RIPA) 2000, which activity is restricted?
A) Intercepting communications without proper authorization
B) Using security tools for malware analysis
C) Analyzing public threat intelligence feeds
D) Sharing open-source cyber threat reports