Exam 350-701 topic 1 question 357 discussion

The Demon Queen would like to provide a dumbed downed explanation as why it is D. The "uploads" part of the question can easily throw you off as it seems like it is sharing Threat intelligence will other orgs. However that is not the case as the term "upload" refers to the TIDirector pushing out processed threat intelligence data to sensors on the network to look out for in this case block listed items. How it works? Threat Intelligence Directory first consumes threat intelligence data and processes it before uploading (pushing or sending) it out to sensors on the network to detect the newly uploaded info.

D is correct! --Consume is the keyword! Cisco Threat Intelligence Director (TID) is a system that operationalizes threat intelligence information. The system consumes and normalizes heterogeneous third-party cyber threat intelligence, publishes the intelligence to detection technologies, and correlates the observations from the detection technologies. https://www.cisco.com/c/en/us/support/docs/storage-networking/security/214859-configure-and-troubleshoot-cisco-threat.html

D is correct! --Consume is the keyword! Cisco Threat Intelligence Director (TID) is a system that operationalizes threat intelligence information. The system consumes and normalizes heterogeneous third-party cyber threat intelligence, publishes the intelligence to detection technologies, and correlates the observations from the detection technologies. https://www.cisco.com/c/en/us/support/docs/storage-networking/security/214859-configure-and-troubleshoot-cisco-threat.html

There are two new terms: STIX (Structured Threat Intelligence eXpression) is a standard for sharing and using threat intelligence information. There are three key functional elements: Indicators, Observables, and Incidents TAXII (Trusted Automated eXchange of Indicator Information) is a transport mechanism for threat information

https://www.cisco.com/c/en/us/support/docs/storage-networking/security/214859-configure-and-troubleshoot-cisco-threat.html Search consume

Again someone needs to Update these answers, Consumption is the correct Answer

UPLOAD / DOWNLOAD is a keyword - it is B

check out the diagram in figure 2 https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/cisco_threat_intelligence_director__tid_.html

B looks correct. The question says: "allows uploads and downloads of block lists", which is the method of sharing. Consumption always means downloading the block list.

I've looked at multiple sources for this one, it's definitely 'D' - Consumption: "TID has the ability to 'consume' threat intelligence via STIX over TAXII and allows uploads/downloads of STIX and simple blacklists.

https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligence-director

Editing, is not the correct answer because editing refers to the process of modifying existing STIX-compliant threat intelligence data, rather than creating new data or sharing it with other security platforms. Sharing, is also not the correct answer because while sharing is an important aspect of the STIX format, it does not specifically refer to the process of using STIX to create or update block lists. Consumption, is not the correct answer because consumption refers to the process of using STIX threat intelligence data to inform security policies or other security-related decisions, rather than the process of creating or updating block lists based on STIX data.

It is Consumption. --- https://www.cisco.com/c/en/us/support/docs/storage-networking/security/214859-configure-and-troubleshoot-cisco-threat.html --- Cisco Threat Intelligence Director (TID) is a system that operationalizes threat intelligence information. The system consumes and normalizes heterogeneous third-party cyber threat intelligence, publishes the intelligence to detection technologies and correlates the observations from the detection technologies.

I believe it is consumption.

prefer A

A or D

Isn't D - Consumption? The answer is consumption (B) - https://blogs.cisco.com/developer/automate-threat-intelligence-using-cisco-threat-intelligence-director "TID has the ability to consume threat intelligence via STIX over TAXII and allows uploads/downloads of STIX and simple blacklists"