Exam 312-50v11 topic 1 question 311 discussion

The correct option is D. Technical threat intelligence

Cyber Threat Intelligence Types of Threat Intelligence - Technical Threat Intelligence Technical threat intelligence provides information about resources an attacker uses to perform an attack; this includes command and control channels, tools, and other items. It has a shorter lifespan compared to tactical threat intelligence and mainly focuses on a specific IoC. It provides rapid distribution and response to threats.This intelligence is directly fed into the security devices in digital format to block and identify inbound and outbound malicious traffic entering the organization’s network. (P.76/60)

Answer is technical

According to CEHv11 Book 1 pg. 76 "This information helps security professionals add the identified indicators to the defensive systems such as IDS and IPS, firewalls, and endpoint security systems, thereby enhancing the detection mechanisms used to identify the attacks at an early stage. It also helps them identify malicious traffic and IP addresses suspected of spreading malware and spam emails. This intelligence is directly fed into the security devices in digital format to block and identify inbound and outbound malicious traffic entering the organization’s network."

In my opinion the "security devices" is a key.

Definition Word for word in CEH Book p.60

Operational Cyber Threat Intelligence Operational intelligence is mostly comprised of machine-readable data, also known as indicators of compromise (IOCs). It can be URLs, file names and hashes, domain names, IP addresses, etc. Its use ranges from blocking attacks to triaging and validating alerts and searching and eliminating specific threats within a network. IOCs usually become outdated in a matter of hours. Still, it is important to note that aging indicators aren’t good practice as threats may remain active for months or even years, continuing to pose danger to enterprises. As the most volatile of the three types of intelligence, Operational indicators should be closely vetted and monitored to assure their dependability. They are better consumed by tools like SPAM filters, firewalls, IDS/IPS, SIEM, SOAR, etc, helping security teams quickly respond to malicious campaigns. Operational threat intelligence indicators are collected from active campaigns, attacks performed against honeypots and data shared by third parties. https://www.malwarepatrol.net/three-types-of-cyber-threat-intelligence/

Technical Intelligence is Correct. It also helps Incident Response teams identify malicious traffic and suspected IP addresses used to spread malware and spam mails. This intelligence is directly fed into the security devices in digital format to block and identify inbound and outbound malicious traffic entering the organization’s network.

Technical threat intelligence provides information above an attacker’s resources that are used to perform the attack; this includes command and control channels, tools, etc mainly focuses on a specific loC. It provides rapid distribution and response to threats.