IOC signatures are fairly static, but how can they help us mitigate threats?

Select 3 correct answer(s)

Question 20 options:

They cannot, as we should use only behavior-based IOCs.

They can be used to mitigate threats and then retired when the threat is abated. Retiring them, rather than deleting them, allows us to modify the signature when a similar threat presents itself.

They are another layer of defense that can be used to detect adversarial activity.

They can be employed to defend against known threats.

When using IOC creation software like Mandiant’s IOC creator, what are some considerations?

Select 3 correct answer(s)

Question 24 options:

Once the signature is written, it is complete and you can move on to the next task in hunting threats.

Signatures will need to be fine-tuned to precisely detect threats.

Initial signatures may be too ‘tight’ or too ‘wide’ and result in no detection or high false positive rates of detection.

You can specify multiple items in a signature, including file type, e-mail domain, and hash value, among other things.

Static Indicators are different from variable indicators in which ways?

Select 3 correct answer(s)

Question 25 options:

Variable indicators are derived from the sequence of events by which an attack might occur and from identifying where variables exist; static indicators are explicitly defined.

Static indicators are used to express an attack that has already occurred.

Static indicators have known values

Static indicators are expressed as VA-1, VC-1 and VB-1

There are many applications that will automatically convert signatures to IOCs.

Question 27 options:
