Final Exam: Security Threat Intelligence


Overview/Description

Final Exam: Security Threat Intelligence will test your knowledge and application of the topics presented throughout the Security Threat Intelligence track of the Skillsoft Aspire Security Threat Intelligence Journey.



Expected Duration (hours)
0.0

Lesson Objectives

Final Exam: Security Threat Intelligence

  • apply DNS filters and examine DNS queries in Wireshark
  • capture and examine HTTP traffic using Wireshark
  • change file and folder permissions from a Bash script
  • compare and use conditionals in C and C++
  • connect to a remote server securely using ssh
  • create custom functions in a Python script
  • create loops in PowerShell
  • create, modify, and delete user accounts in a Linux system
  • define what is involved in risk analysis and risk modeling as they relate to threat intelligence and outline the FAIR risk model and framework
  • demonstrate how to create a password policy on a Windows workstation to prevent dictionary attacks
  • demonstrate how to implement an account lockout policy to stop brute force attacks
  • demonstrate how to implement full disk encryption with BitLocker
  • demonstrate techniques to harden Windows DNS Servers
  • demonstrate the use of packet capturing to gain intelligence from an attack
  • describe and compare the different types of DCO missions
  • describe common security vulnerabilities in code that can lead to exploits
  • describe how machine learning can improve threat intelligence
  • describe how SIEMs are used to detect threat activity
  • describe how to gather digital evidence, including identification, collection, acquisition, and preservation
  • describe malware cyber threats and how reverse engineering malware can lead to attribution
  • describe symptoms of an infected system
  • describe the command processing capabilities and environment of the Bash shell
  • describe the common features and properties of command line environments
  • describe the function and characteristics of the NetFlow and IPFIX network flow protocols
  • describe the Open Systems Interconnection (OSI) model for network communications
  • describe the operations of DCO in terms of missions, actions, and forces
  • describe when and how to use threat intelligence, including before, during, and after an attack
  • differentiate between attribution types such as machine, human, and adversary
  • discuss common BIOS/UEFI settings that are used to help secure the system
  • discuss common techniques to secure the file system
  • identify Bash scripts based on their features
  • identify different types of malware attacks
  • identify different types of PowerShell cmdlets and objects
  • identify key steps when responding to malware incidents
  • identify network endpoints from captured network traffic using Wireshark
  • identify the phases of the Cyber Operations Cycle
  • identify the roles and responsibilities of OCO team members and how they interact within the cyber operations cycle
  • implement the for and while loops in a Python script
  • inspect the static properties of malware
  • install ELK stack in preparation for it to serve as a SIEM for Suricata
  • navigate ELK Stack's Kibana dashboards for SIEM use when connected to Suricata
  • outline how to gather digital evidence, including identification, collection, acquisition, and preservation
  • outline the Open Systems Interconnection (OSI) model for network communications
  • perform ARP scans to find hidden hosts on a network
  • perform DNS host discovery
  • perform requests with netcat and other tools to pull banner information from services
  • provide an overview of malware cyber threats and how reverse engineering malware can lead to attribution
  • recognize best practices for removing malware
  • recognize common malware characteristics at the Windows API level (registry manipulation, keylogging, HTTP communications, droppers)
  • recognize different tools used for network scanning
  • recognize the importance of audit logs for security
  • recognize the importance of identifying and preserving forensic artifacts and list common errors when dealing with digital evidence
  • recognize the use of various baselines for network management
  • recognize why intrusion detection is the heart of threat intelligence and outline the kill chain and diamond models of analysis
  • set variables in a Bash script
  • use and set variables in a Bash script
  • use loops in C and C++
  • use the for and while loops in a Python script
  • use the for, while, and until loops in a Bash script

Course Number
it_festi_01_enus

Expertise Level
Everyone