Exam SY0-601 topic 1 question 476 discussion

Actual exam question from CompTIA's SY0-601
Question #: 476
Topic #: 1

Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

  • A. Vulnerability scanner
  • B. Open-source intelligence
  • C. Packet capture
  • D. Threat feeds
Suggested Answer: D

Comments

mouettespaghetti
Highly Voted 2 years, 3 months ago
D is correct. A security analyst would use threat feeds to determine if other companies in the same sector have seen similar malicious activity against their systems. Threat feeds are a source of information about current and emerging threats, including indicators of compromise (IOCs), which can help organizations identify and respond to attacks. By analyzing threat feeds, a security analyst can identify if other organizations in the same sector are experiencing similar attacks or if a particular attack is unique to their organization.
upvoted 16 times
Alcpt
10 months, 1 week ago
Threat feeds can be made more contextual to your business based on requested proprietary information, instead of having to sift through tons of OSINT random info. = D
upvoted 1 times
...
...
ApplebeesWaiter1122
Highly Voted 2 years, 2 months ago
Selected Answer: B
It could be B or D but I might go with B. Threat feeds provide information on known or suspected threats, but they may not necessarily indicate whether other companies in the same sector have experienced similar attacks. Threat feeds may be useful for identifying potential threats and indicators of compromise, but they may not provide context about the scope or impact of those threats on other organizations. In contrast, open-source intelligence (OSINT) can provide broader context and information about incidents and attacks that have been reported or discussed in public sources, including news articles, blogs, and social media. By analyzing OSINT, a security analyst can gain insights into trends and patterns of attacks against organizations in the same sector and potentially identify proactive measures to mitigate future risks.
upvoted 9 times
...
tinylifter
Most Recent 1 year ago
Selected Answer: D
I chose D - Threat Feeds. Reason being, that threat feeds contain OSINT AND Commercial Feeds, which would contain information about similar attacks/threats/vulnerabilities specifically impacting an industry.
upvoted 1 times
...
_deleteme_
1 year, 3 months ago
B - OSINT
Dion Training 701 Study Guide
Open-Source Intelligence (OSINT)
  • Collected from publicly available sources like reports, forums, news articles, blogs, and social media
  • Often available at no cost
  • Valuable for insights into emerging threats and vulnerabilities
  • Examples include feeds from AlienVault Open Threat Exchange, SANS Internet Storm Center, and security research forums
Dion Training 601 Study Guide
Open-Source Intelligence (OSINT)
  • Methods of obtaining information about a person or organization through public records, websites, and social media
upvoted 3 times
...
MF757
1 year, 5 months ago
I would go with B. Open-source intelligence
upvoted 2 times
...
johnabayot
1 year, 6 months ago
Selected Answer: B
B. Open source Intelligence.
upvoted 2 times
...
david124
1 year, 6 months ago
Selected Answer: D
What gives it off is "other companies in the same sector have seen similar malicious activity" that's what makes it D
upvoted 3 times
...
ganymede
1 year, 7 months ago
Selected Answer: D
D. Threat feeds
*Public and private verticals*
You can source threat intelligence from public and private verticals offering unique threat intelligence relevant to your specific business and industry. Depending on the vertical, you can find threat intelligence feeds catering to your specific needs. Businesses and governments managing critical infrastructure often use these feeds.
https://www.bluevoyant.com/knowledge-center/threat-intelligence-feeds-explained
upvoted 3 times
...
cyberPunk28
1 year, 7 months ago
Selected Answer: D
D. Threat feeds
upvoted 2 times
...
ComPCertOn
1 year, 9 months ago
This is insane! Went for D.
upvoted 1 times
...
fercho2023
1 year, 9 months ago
Option B is correct. Please refer to the following URL. https://www.crowdstrike.com/cybersecurity-101/osint-open-source-intelligence/
upvoted 1 times
...
sujon_london
1 year, 10 months ago
Selected Answer: D
Threat feeds, also known as threat intelligence feeds, are sources of data that provide information about current cybersecurity threats, vulnerabilities, and malicious activities. These feeds typically contain indicators of compromise (IOCs) such as IP addresses, URLs, file hashes, and patterns associated with known threats.
upvoted 3 times
...
32d799a
1 year, 10 months ago
Selected Answer: D
In order to share threat intelligence regarding a specific sector, the security analyst has to use threat feeds.
upvoted 2 times
...
je123
1 year, 11 months ago
Read this and you will understand why it is Threat Feed and not OSINT: "The greatest disadvantage of OSINT vs commercial threat intelligence is also that it's free and easily acquired. And all the same benefits that defenders can derive from OSINT are also readily available and used by threat actors. Threat actors are notorious for using any available free tools as it helps maximize their profits and OSINT is no exception. OSINT very clearly defines which vulnerabilities are and are not an active concern to analysts, arming the attackers with exactly the information they need about which vulnerabilities to leverage for an attack. Strategically speaking, you won't get ahead of the adversaries if they have access to all the same details as your security analysts, and you won't be competitive against other solutions in an over-saturated cybersecurity market."
Credit: https://zvelo.com/osint-vs-commercial-threat-intelligence/
upvoted 2 times
...
[Removed]
1 year, 11 months ago
Selected Answer: D
D. Threat feeds are specifically designed to provide relevant and timely information about threats that are pertinent to the security community
upvoted 3 times
...
Selected Answer: D
D. Threat feeds
A security analyst would use threat feeds to determine if other companies in the same sector have seen similar malicious activity against their systems. Threat feeds are a valuable source of information that provide real-time data on current and emerging threats, including indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) used by threat actors. Threat feeds are typically provided by reputable cybersecurity organizations, government agencies, or commercial threat intelligence providers. They gather and analyze data from various sources, such as honeypots, malware analysis, underground forums, and other security research. This information can help security analysts stay informed about the latest threats and trends in the cybersecurity landscape.
upvoted 4 times
...
nalemanh
2 years ago
Selected Answer: D
The correct answer is D. Threat feeds. Threat feeds are streams of data that provide information about potential threats, vulnerabilities, and malicious activities. They are often used by security analysts to stay informed about the latest threats and to see if similar threats have been reported by other organizations. This information can help analysts to better protect their own organizations by learning from the experiences of others.
upvoted 2 times
...