
Graded Quiz: Threat Hunting and Threat Intelligence: Penetration Testing, Threat Hunting, and Cryptography (IBM Cybersecurity Analyst Professional Certificate) Answers 2025

1. Question 1 — What distinguishes unstructured hunting?

  • ❌ Unstructured hunting is limited to physical security

  • ❌ Unstructured hunting uses IoCs

  • ❌ Unstructured hunting uses preset detection rules

  • Unstructured hunting relies on published threat intelligence reports

Explanation:
Unstructured hunting = starting from external threat intelligence and hunting based on known adversary behaviors—not defined rules or IoCs.


2. Question 2 — Threat hunting method aligned with MITRE ATT&CK

  • ❌ Hypothesis hunting

  • ❌ Situational hunting

  • ❌ Custom hunting

  • Intel-based hunting

Explanation:
Intel-based hunting uses known adversary techniques mapped to MITRE ATT&CK.


3. Question 3 — Best medium for communicating threat findings

  • ❌ Informal meetings

  • Intelligence reports, alerts, briefings, daily updates, dashboards

  • ❌ Public announcements

  • ❌ Social media posts

Explanation:
Threat intelligence must be communicated formally, clearly, and actionably.


4. Question 4 — Key objective of the feedback step

  • Refining intelligence requirements and guiding future data collection

  • ❌ Analyzing data

  • ❌ Gathering raw data

  • ❌ Presenting findings

Explanation:
Feedback improves the TI cycle by adjusting priorities and intelligence needs.


5. Question 5 — SIEM component for collecting & analyzing event data

  • ❌ Log management

  • Event correlation and analytics

  • ❌ Incident monitoring

  • ❌ Compliance reporting

Explanation:
Event correlation analyzes multiple logs/events to detect patterns and attacks.


6. Question 6 — Advantage of integrating 3rd-party threat intelligence into SIEM

  • ❌ Automatic resolution

  • ❌ Automated compliance

  • Cross-referencing internal data with external threat signatures

  • ❌ Enhanced visualization

Explanation:
External TI enables SIEM to match logs with known threats for faster detection.


7. Question 7 — AI advantage when severity is unclear

  • ❌ Provides dashboards

  • ❌ Auto-blocks threats

  • Provides detailed severity, origin, and impact analysis

  • ❌ Multi-language reports

Explanation:
AI analyzes patterns and context to assess threat seriousness.


8. Question 8 — Benefit of NLP in threat intelligence

  • ❌ Optimize networks

  • ❌ Design infrastructure

  • ❌ Write code

  • Analyze unstructured data for insights

Explanation:
NLP extracts meaning from threat reports, blogs, dark-web chatter, etc.


9. Question 9 — Kill Chain phase where attacker creates malware

  • ❌ Exploitation

  • Weaponization

  • ❌ Delivery

  • ❌ Reconnaissance

Explanation:
Weaponization = creating malware + exploit payloads before delivery.


10. Question 10 — “Capability” in Diamond Model

  • ❌ Technical resources

  • Specific tools and techniques used during the attack

  • ❌ Victim

  • ❌ Motivation

Explanation:
Capability = malware, exploits, procedures, and skills used by the adversary.


🧾 Summary Table

Q    Correct Answer                          Key Concept
1    Unstructured hunting uses TI reports    Hunting methods
2    Intel-based hunting                     MITRE ATT&CK alignment
3    Reports, alerts, dashboards             Stakeholder communication
4    Refine requirements                     Threat intel cycle
5    Event correlation                       SIEM core function
6    Cross-reference external TI             SIEM + TI advantage
7    Severity + impact analysis              AI threat intelligence
8    NLP analyzes unstructured data          NLP value
9    Weaponization                           Cyber Kill Chain
10   Tools & techniques                      Diamond Model