In intelligence development, which activity is included?

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test.

Multiple Choice

In intelligence development, which activity is included?

Explanation:
Campaign identification is the activity included in intelligence development because it focuses on organizing scattered observations into a single, coherent threat picture. Analysts look at multiple indicators (malware families, infrastructure, TTPs, victim profiles, and timing) to determine whether they are part of the same adversary campaign. By identifying and defining that campaign, you can map objectives, capabilities, and the evolution of the operation, which helps anticipate next moves, prioritize defenses, and inform higher-level attribution. The other options are more about operational techniques than the analytic work of building intelligence. Bit mangling implies altering data at a low level, data decoy is about misleading with false data, and traffic shaping involves manipulating network traffic; none of these captures the process of recognizing and linking related activities into a campaign.

