Cyber Threat Intelligence Problem-Solving and Analytical Questions

1. A company's network has been experiencing intermittent DDoS attacks. You are given logs showing IP addresses and request counts over a 24-hour period. How would you identify potential attack sources and mitigate the threat?

2. A phishing scheme has compromised several user accounts, resulting in data leaks. You receive a dataset of affected accounts, timestamps, and email headers. How would you analyze this data to determine the attack vector and prevent future incidents?

3. A series of unauthorized access attempts are detected on a company's server. You have access to the server logs, showing timestamps, user IDs, and locations of login attempts. How can you analyze this data to identify patterns and suggest preventive measures?

4. During a routine review, you find unusual outbound traffic patterns from a particular machine on the network. What steps would you take to conduct a forensics analysis of the data to discern if this is a potential data exfiltration attempt?

5. You are given a set of traffic data that includes source and destination IP addresses, time stamps, and packet sizes. How would you interpret this data to identify signs of a possible insider threat or data breach?

6. An external security audit reveals inconsistencies in the access logs of a sensitive data repository. You have been tasked with analyzing the logs to determine if there was any unauthorized access. What analytical techniques would you apply?

7. You receive a report of a new malware variant that exploits a zero-day vulnerability. You have access to the malware's behavioral analysis data. How would you approach modeling the threat landscape to predict potential targets?

8. You are tasked with analyzing a dataset containing information on historical cyber incidents. You need to find patterns that correlate attack types with the industries affected. What statistical methods would you employ for this analysis?

9. A rival organization has experienced a security breach linked to a third-party vendor. Given a dataset containing vendor interactions, incident reports, and communication logs, how would you assess the risk to your organization?

10. You are presented with a series of security alerts generated by an intrusion detection system (IDS). Half of the alerts are false positives. Describe how you would employ analysis techniques to improve the accuracy of the alerts.