IOC signatures are fairly static, but how can they help us mitigate threats?
Select 3 correct answer(s)
Question 20 options:
|
They cannot, as we should use only behavior based IOCs. |
|
|
They can be used to mitigate threats then retired when the threat is abated. Retiring them versus deleting, allows us to modify the signature when a similar threat presents itself. |
|
|
They are another layer of defense that can be used to detect adversarial activity. |
|
|
They can be employed to defend against known threats. |
When using IOC creation software like Mandiant’s IOC creator, what are some considerations?
Select 3 correct answer(s)
Question 24 options:
|
Once the signature is written it is complete and you can move on to the next task in hunting threats. |
|
|
Signatures will need fine-tuned to precisely detect threats |
|
|
Initial signatures may be to ‘tight’ or to ‘wide’ and result in no detection or high false positive rates of detection |
|
|
You can specify multiple items in a signature including, file type, e-mail domain, and hash value, among other things. |
Static Indicators are different from variable indicators in which ways?
Select 3 correct answer(s)
Question 25 options:
|
Variable indicators are derived from a sequence of events for which an attack might occur and identifying where variables exist, static indicators are explicitly defined. |
|
|
Static indicators are used to express an attack that already has occurred. |
|
|
Static indicators have known values |
|
|
Static indicators are expressed as VA-1, VC-1 and VB-1 |
There are many applications that will automatically convert signatures to IOCs.
Question 27 options:
| True | |
| False |
"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"
