A hacker collects and finds the target victim and its info in open sources, eventually attacking.
OSINT for Social Engineering Testing:
Information Gathering:
Employee names from LinkedIn
Company structure from websites
Email formats from public posts
Phone numbers from directories
Office locations from Google Maps
D. Producing IOC for malicious artifacts
✔ Correct — this typically involves OSINT.
Threat intelligence teams often use OSINT to gather:
Malware hash information
C2 domains/IPs
Phishing indicators
Dark web chatter
Public sandbox reports
Pastebin leaks
These public sources are used to produce IOCs (Indicators of Compromise).
OSINT (Open-Source Intelligence) is used in part to gather information for social engineering. "[OSINT] can be used for both legitimate purposes (like security investigations or threat intelligence) and malicious ones (like planning cyberattacks or social engineering campaigns)." IOC is wrong for the reasons other people have stated.
Besides threat feeds, OSINT is often used to create cybersecurity threat maps that illustrate cyber threats overlaid on a diagrammatic representation of a geographical area. Figure 12-2 illustrates a threat map. Threat maps help in visualizing attacks and provide a limited amount of context on the source and the target countries, the attack types, and historical and near real-time data about threats.
OSINT (Open-Source Intelligence) refers to gathering publicly available information from sources like websites, social media, forums, and public records. Collecting evidence of malicious activity often involves analyzing public threat reports, leaked data, or attacker footprints found in open sources.
Answer:
A. Social engineering testing
Open Source Intelligence (OSINT) involves gathering information from publicly available sources. Social engineering testing often uses OSINT to collect data about individuals or organizations to craft convincing phishing attacks or other social engineering tactics.
Why the other options are not correct:
C. Collecting evidence of malicious activity
Collecting evidence of malicious activity typically involves forensic analysis of compromised systems or networks, which relies on internal data and artifacts rather than publicly available information.
D. Producing IOCs for malicious artifacts
Producing Indicators of Compromise (IOCs) involves analyzing malware or attack patterns to create signatures or identifiers. This process is based on technical analysis of malicious artifacts, not on publicly available information.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
9149f41 Highly Voted 9 months, 4 weeks ago
torph Most Recent 2 days, 5 hours ago
VoidDrive 3 months, 3 weeks ago
Kekeee 5 months, 1 week ago
Kesha 8 months ago
Anyio 10 months ago