Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?
The best description for the data streams mentioned would be "Threat Intelligence Feeds". Threat Intelligence Feeds gather and analyze data from various sources to provide insight into current and emerging cybersecurity threats, including cyber intrusions, phishing attacks, and other malicious cyber activities. These feeds use artificial intelligence algorithms and machine learning to process vast amounts of data and identify patterns that indicate malicious activity.
Threat feeds are data streams that are compiled through artificial intelligence (AI) and provide insight on current cyberintrusions, phishing, and other malicious cyberactivity. These feeds gather information from various sources, such as cybersecurity vendors, research organizations, government agencies, and global threat intelligence networks. The data is processed and analyzed using AI algorithms to identify patterns, indicators, and signatures of cyber threats. Threat feeds can include information on new malware, vulnerabilities, attack techniques, and threat actors, helping organizations stay informed and proactive in their cybersecurity defenses.
For those confused by A, yes, the process described is indeed intelligence fusion. However, the data streams being used are referred to as Threat Data Feeds. It's asking the name of the data stream being used in the process.
From the CompTIA student textbook:
"Intelligence fusion and threat data—threat hunting can be performed by manual analysis of network and log data, but this is a very lengthy process. An organization with a security information and event management (SIEM) and threat analytics platform can apply intelligence fusion techniques. The analytics platform is kept up to date with a TTP and IoC threat data feed. Analysts can develop queries and filters to correlate threat data against on-premises data from network traffic and logs. This process may also be partially or wholly automated using AI-assisted analysis and correlation."
Intelligence fusion and threat data: threat hunting can be performed by manual analysis of network and log data, but this is a very lengthy process. An organization with a security information and event management (SIEM) and threat analytics platform can apply intelligence fusion techniques. The analytics platform is kept up to date with a TTP and IoC THREAT DATA FEED. Analysts can develop queries and filters to correlate threat data against on-premises data from network traffic and logs. This process may also be partially or wholly automated using AI-assisted analysis and correlation.
From the official CompTIA Sec+ SY0-601 Study Guide.
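The distinction the quoted textbook passage draws, shown as an added example that is not part of any comment or of the study guide: the feeds are the data streams, and intelligence fusion is the step that merges them and correlates them against local logs. The feed layout, log format, and the names `FEEDS`, `LOGS`, `normalize`, `fuse` and `correlate` are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import date

# Constructed sample data: documentation-range IPs and .example names only.
TODAY = date(2024, 5, 1)
FEEDS = {  # source -> (type, value, tag, expires)
    "feed_a": [("ip", "203.0.113.7", "c2", "2030-01-01"),
               ("domain", "login-update.example", "phishing", "2030-01-01")],
    "feed_b": [("ip", "203.0.113.0/28", "scanner", "2030-01-01"),
               ("domain", "LOGIN-UPDATE[.]example", "phishing", "2030-01-01"),
               ("ip", "198.51.100.9", "c2", "2020-01-01")],  # already expired
}
LOGS = [
    "2024-05-01T10:00:00Z fw allow src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2024-05-01T10:00:05Z dns query client=10.0.0.8 name=www.login-update.example",
    "2024-05-01T10:00:09Z fw allow src=10.0.0.5 dst=198.51.100.9 dport=80",
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
NAME_RE = re.compile(r"\bname=(\S+)")

def normalize(kind, value):
    """Refang and lowercase an indicator; IPs become networks so CIDR entries work."""
    value = value.replace("[.]", ".").strip().lower()
    if kind == "ip":
        return "ip", ipaddress.ip_network(value, strict=False)
    return "domain", value.rstrip(".")

def fuse(feeds, today):
    """Merge all feeds into one deduplicated indicator set, dropping expired entries."""
    fused = {}
    for source, entries in feeds.items():
        for kind, value, tag, expires in entries:
            if date.fromisoformat(expires) >= today:
                fused.setdefault(normalize(kind, value), set()).add((tag, source))
    return fused

def correlate(fused, log_lines):
    """Yield (line, sorted (tag, source) labels) for each log line matching an indicator."""
    for line in log_lines:
        # Assumes the logs contain only well-formed dotted-quad IPv4 addresses.
        addrs = [ipaddress.ip_address(a) for a in IP_RE.findall(line)]
        names = [n.lower().rstrip(".") for n in NAME_RE.findall(line)]
        found = set()
        for (kind, value), labels in fused.items():
            by_ip = kind == "ip" and any(a in value for a in addrs)
            by_name = kind == "domain" and any(n == value or n.endswith("." + value) for n in names)
            if by_ip or by_name:
                found |= labels
        if found:
            yield line, sorted(found)
```

The first log line is flagged by both feeds (an exact IP in one, a covering CIDR range in the other), while the third is ignored because its indicator expired before `TODAY`.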
A: (Per ChatGPT)
Intelligence fusion can be achieved through threat intelligence feeds, which are continuous data streams filled with threat information collected by artificial intelligence.
Threat feeds are compiled data streams that provide information on current cyber threats, such as malware, phishing, and other malicious activity. Intelligence fusion is the process of compiling then --> D.
The correct answer is D. Threat feeds.
Threat feeds are data streams that are compiled through artificial intelligence, machine learning, and other sources to provide insight on current cyberintrusions, phishing, and other malicious cyber activity. Threat feeds are used by security teams to stay informed about the latest threats and to proactively identify potential security incidents.
Option A, intelligence fusion, involves combining information from multiple sources to create a more comprehensive picture of potential security threats. Option B, review reports, involves reviewing reports generated by security tools or analysts to identify potential security incidents. Option C, log reviews, involves analyzing logs generated by network and system components to identify potential security incidents. While all of these options may be useful for identifying and responding to security incidents, they do not specifically refer to the use of artificial intelligence and machine learning to compile threat data.
Individually cyberintrusions info, phishing info, and other malicious cyberactivity are threat feeds.
They are collected together by intelligence fusion centers.
What are threat feeds? Threat feeds are a mechanism for users to receive current data on cyber intrusions, phishing and other types of fresh information on malicious activity. They are continuous data streams compiled via artificial intelligence to provide insights into risks and trends as they occur
https://cofense.com/knowledge-center/what-is-the-difference-between-threat-feeds-and-threat-intelligence-feeds/#:~:text=What%20are%20threat%20feeds%3F,and%20trends%20as%20they%20occur..
'Insight' is the key word in the question -
'Intelligence fusion is a process involving collecting & analysing threat feeds from both internal & external sources on a large scale'
What are threat intelligence feeds?
Threat intelligence feeds are continuous data streams filled with threat information collected by artificial intelligence. Any cybersecurity risk data that organizations can use to better understand their overall threat landscape is considered threat intelligence. For example, threat intelligence information may include information that provides visibility into the current state of the network, identification of IoCs such as anomalous account activity, unhuman web traffic behavior, and other irregularities, or recently discovered zero-day exploits.
https://securityscorecard.com/blog/what-are-threat-intelligence-feeds/
The cyber fusion approach focuses on integrating threat intelligence across all security aspects of an organization to tackle the targeted threats. This strategy allows security teams to contextualize insights into malicious activities and meaningfully orchestrate cybersecurity operations across the network.
"Threat feeds are information sources that provide real-time or near real-time data on security threats. These feeds can come from a variety of sources, including commercial vendors, open source projects, and government agencies. IT feeds can be used to help organizations detect and respond to security threats more quickly and effectively."