Certified SOC Analyst (CSA) — Question 22

Which of the following threat intelligence is used by a SIEM for supplying the analysts with context and "situational awareness" by using threat actor TTPs, malware campaigns, tools used by threat actors.
1. Strategic threat intelligence
2. Tactical threat intelligence
3. Operational threat intelligence
4. Technical threat intelligence

Answer options

• A. 2 and 3
• B. 1 and 3
• C. 3 and 4
• D. 1 and 2

Correct answer: A

Explanation

The correct answer is A, as Tactical and Operational threat intelligence focuses on the TTPs of threat actors and malware campaigns, which is essential for situational awareness. Strategic threat intelligence (option B and D) deals more with high-level trends and risks, while Technical threat intelligence (option C) generally involves specific tools and techniques rather than a broader context.