Certified Threat Intelligence Analyst (CTIA) — Question 13
Sarah is a security operations center (SOC) analyst working at JW Williams and Sons organization based in Chicago. As a part of security operations, she contacts information providers (sharing partners) for gathering information such as collections of validated and prioritized threat indicators along with a detailed technical analysis of malware samples, botnets, DDoS attack methods, and various other malicious tools. She further used the collected information at the tactical and operational levels.
Sarah obtained the required information from which of the following types of sharing partner?
Answer options
- A. Providers of threat data feeds
- B. Providers of threat indicators
- C. Providers of comprehensive cyber-threat intelligence
- D. Providers of threat actors
Correct answer: A
Explanation
The correct answer is A, as providers of threat data feeds supply the necessary validated and prioritized threat indicators that Sarah used. Options B and C are too narrow or broad, respectively, and do not specifically encompass the comprehensive data feeds that Sarah requires. Option D focuses on threat actors, which does not pertain to the gathering of threat indicators and analyses.