Example Quiz - Defend Edge

Tier 1 Assessment – Internal 2 Team (CTI)

1 / 37

1. ZeroFox Monitoring

Demonstrate how to switch organizations.

2 / 37

2. Infiltrator CVE and Network Monitoring

Are CVEs emailed as a word document or PDF?

a. aWord Document

b. PDF

3 / 37

3. Operator Domain Permutations

What 3 CTI items need to be updated with each discovered permutation?

4 / 37

4. CTI Products and Services Tracker

Identify the Reyes portion of the tracker.

5 / 37

5. Operator Social Media

What search inputs can be utilized to narrow down a search?

6 / 37

6. CTI Products and Services Tracker

Identify the correct distribution for Family Domain Permutations.

7 / 37

7. Operator Social Media

What document is used to access the CTI sock puppets?

a. CTI Products and Services Tracker

b. Social Media Support Log

c. URL Tracker

d. ADP Time Codes

8 / 37

8. Digital Footprint Cards

Which document contains the list of sites where you can search for client PII?

a. CTI Products and Services Tracker

b. Social Media Support Log

c. URL Tracker

d. ADP Time Codes

9 / 37

9. CTI Products and Services Tracker

Identify the correct distribution for Executive CVEs.

10 / 37

10. ATO/CAIS/SIIP

When passwords are involved, how are they displayed in an email?

a. Plaintext

b. Redacted

c. Not at all

11 / 37

11. Digital Footprint Cards

Which of our clients receive monitoring for digital footprint cards?

a. Executive, Fernwood, and ICM

b. Executive and ICM

c. Fernwood and ICM

d. Executive and Fernwood

12 / 37

12. ZeroFox Monitoring

What needs to be added to the notes section of any alert?

13 / 37

13. General Support and Analysis

What type of support falls under this category?

14 / 37

14. Infiltrator CVE and Network Monitoring

What classification is the document/PDF?

a. Public: General Disclosure

b. Sensitive: Internal and Client Use Only

c. Confidential: Sensitive//Limited Disclosure

d. Not classified

15 / 37

15. ATO/CAIS/SIIP

What platforms are monitored?

a. Jira, iDNA, and SpyCloud

b. Elastic, SpyCloud, and ZeroFox

c. SpyCloud, iDNA, and ZeroFox

d. Jira, Elastic, and iDNA

16 / 37

16. Mini iDNA Tracker

When do you update the mini iDNA page in the admin record?

a. Once a week

b. Twice a week

c. Bi-weekly

d. With each new ticket

17 / 37

17. Mini iDNA Tracker

What is the Mini iDNA?

18 / 37

18. SNOW Tracker

What type of tickets are sent via SNOW?

a. ATO and CAIS

b. CAIS and Attack surface monitoring

c. ATO, CAIS, CVE, and Domain Permutations

d. ATOs, CAIS, CVEs, Domain Permutations, and Attack surface monitoring

19 / 37

19. Physical Security Log

Where do Physical Security alerts populate?

a. Jira

b. Elastic

c. ZeroFox

d. SpyCloud

20 / 37

20. Infiltrator CVE Monitoring

Choose a CVE ticket and demonstrate where each piece of information fits into the admin record.

21 / 37

21. Domain Monitoring

Pull up a weekly holding ticket on Jira

Choose an identified domain permutation and demonstrate where each piece of information fits into the admin record.

22 / 37

22. Physical Security Log

Choose a Safety Alert ticket and demonstrate where each piece of information fits into the admin record.

23 / 37

23. SNOW Tracker

Where can you check which tickets are applicable?

a. Collections Schedule

b. CTI Products and Services Tracker

c. Admin Record

d. None of the above

24 / 37

24. Domain Monitoring

Where can you identify our monitored domains?

a. Admin Record

b. Monthly iDNA

c. CTI Products and Services Tracker

d. Both A and B

25 / 37

25. SNOW Tracker

What is SNOW?

26 / 37

26. Infiltrator CVE Monitoring

Where do CVEs populate?

a. SpyCloud

b. Elastic

c. ZeroFox

d. Jira

27 / 37

27. Domain Monitoring

What Would Qualify as a False Positive?

a. Domain is owned by client

b. Previously ticketed

c. Domain is not impersonating

d. All of the above

28 / 37

28. SNOW Tracker

Who on the team is allowed to change the status of the ticket?

a. Tier 1s

b. Tier 2s

c. FTEs

d. Both B and C

29 / 37

29. SNOW Tracker

Pull up a ticket on Jira that is SNOW applicable.

30 / 37

30. Domain Monitoring

What does a “Takedown” consist of?

31 / 37

31.

Infiltrator CVE Monitoring

What qualifies as a ticket-able CVSS rating?

a. 7 and above

b. 8 and above

c. 6 and above

d. 9 and above

32 / 37

32. Domain Monitoring

What are the steps of completion when a registrar emails back our takedown request and states that a UDRP needs to be completed?

a. Ignore the email and assume the takedown is completed

b. Fill out documentation and send it back

c. Let an FTE know

d. Other (explain further)

33 / 37

33. SNOW Tracker

When adding a ticket to the SNOW tracker, what status is inputted?

a. Send to SNOW

b. Waiting for customer

c. Review

d. Waiting for support

34 / 37

34. Domain Monitoring

What qualifies as an open, offline, parked, and for sale status?

35 / 37

35. SNOW Tracker

Which client uses SNOW?

a. Executive

b. Fernwood

c. ICM

d. All of the above

36 / 37

36. Mini iDNA Tracker

Describe each section of Mini iDNA.

37 / 37

37. Mini iDNA Tracker

Explain the ticket placement for the “New” columns.

Your score is