
Multiple Choice

When leveraging a MISP feed to detect Command-and-Control domain indicators in the entity graph, which of the following entity settings should you apply to filter for domain IOCs?

Explanation:
The answer is to filter on both the indicator type and its source context. Setting entity_type to DOMAIN_NAME restricts the entity graph to domain entities, so the matches are domain IOCs rather than IP addresses, file hashes or URLs. Setting source_type to ENTITY_CONTEXT restricts them to context that was ingested directly from a source describing the entity, which for a MISP feed means the indicator entries MISP published, rather than context that Google SecOps derived from observed events (DERIVED_CONTEXT) or pulled from global intelligence sources such as Safe Browsing or WHOIS data (GLOBAL_CONTEXT).

DERIVED_CONTEXT would bring in domains inferred from other telemetry (first-seen and last-seen data, for example), and GLOBAL_CONTEXT would bring in domains from broad, non-feed sources; both add noise and dilute the MISP signal. Leaving source_type unspecified applies no constraint at all, so the results are not targeted.

Two practical caveats: this pair of filters selects domain IOCs from entity-context sources in general, not C2 domains specifically, so a rule should also confine the source to the MISP feed (for instance by vendor_name or product_name in the entity metadata, as set by the MISP parser) and, where the parser preserves them, use the feed's own tags or threat category to single out C2 indicators. And the entity graph only holds what the feed has ingested, so an indicator MISP has not published cannot be matched.

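As an added example, not part of the original quiz page or of Google's own documentation, here is a YARA-L 2.0 rule that applies both filters on the entity-graph side of a join against DNS events. The $e event fields are standard UDM; the vendor_name value "MISP" and the use of entity.hostname to carry the indicator's domain are assumptions about how the MISP parser populates entities, and should be checked against your own ingested data (for example in UDM search) before the rule goes live.

```yaral
rule misp_domain_ioc_dns_lookup {
  meta:
    author = "example"
    description = "DNS lookup of a domain that the MISP feed supplied as a DOMAIN_NAME entity"
    severity = "HIGH"

  events:
    // Event side: any DNS question; the queried name is the join variable
    $e.metadata.event_type = "NETWORK_DNS"
    $e.network.dns.questions.name = $domain

    // Entity-graph side: domain indicators ingested directly from the feed
    $ioc.graph.metadata.entity_type = "DOMAIN_NAME"
    $ioc.graph.metadata.source_type = "ENTITY_CONTEXT"
    // Assumption: the MISP parser labels its entities with vendor_name "MISP"
    $ioc.graph.metadata.vendor_name = "MISP"
    // Assumption: the MISP parser stores the indicator domain in entity.hostname
    $ioc.graph.entity.hostname = $domain

  match:
    $domain over 1h

  outcome:
    // Hosts that resolved the indicator, for triage
    $assets = array_distinct($e.principal.hostname)

  condition:
    $e and $ioc
}
```

The match window groups hits by the looked-up domain over an hour. Without the vendor_name line, any other ENTITY_CONTEXT source that produces DOMAIN_NAME entities (a second threat feed, say) would also fire this rule, which is why the source_type filter alone is not enough to tie a detection to MISP.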
