
CompTIA CySA+ Cybersecurity Analyst Certification Practice Exams (Exam CS0-002)

Kelly Sparks
ABOUT THE AUTHOR
Kelly Sparks, CISSP, CompTIA CySA+, is a cybersecurity
professional with over three decades of experience in the
Department of Defense, private sector, and higher education.
Kelly currently serves as a professor of cybersecurity at Defense
Acquisition University (DAU), where he provides cybersecurity
consulting, develops curriculum, lectures, and facilitates workshops
in subject areas such as risk management framework, computer
network defense, cyber tabletop exercises, system security
engineering, and threat-based engineering.
Before DAU, Kelly served in multiple roles as a government
civilian, defense contractor, and active duty Air Force member
leading and supporting activities such as security control
assessment, information system security management, vulnerability
assessment, risk management framework, communications security,
operations security, network security, computer network defense,
incident response, vulnerability assessment, and penetration testing.
He is a technical editor for McGraw Hill and has supported several
projects such as efforts for the following professional certifications:
(ISC)2 Certified Information Systems Security Professional (CISSP),
ISACA Certified in Risk and Information Systems Control (CRISC),
CompTIA Cybersecurity Analyst (CySA+), and SANS GIAC Security
Essentials (GSEC).
Kelly earned his BS in Computer Science from Park University and
MS in Network Security from Capitol Technical University. He also
holds graduate certificates in Security Management and Network
Protection from Capitol Technical University.

About the Technical Editor


Bobby E. Rogers is a cybersecurity professional with over 30 years
in the information technology and cybersecurity fields. He currently
works for a major engineering company in Huntsville, Alabama, as a
contractor for Department of Defense agencies, helping to secure,
certify, and accredit their information systems. Bobby’s specialties
are cybersecurity engineering, security compliance, and cyber risk
management, but he has worked in almost every area of
cybersecurity, including network defense, computer forensics,
incident response, and penetration testing. He is a retired Master
Sergeant from the U.S. Air Force, having served for over 21 years.
Bobby has built and secured networks in the United States, Chad,
Uganda, South Africa, Germany, Saudi Arabia, Pakistan, Afghanistan,
and several other countries all over the world. He holds a Master of
Science degree in Information Assurance and is currently writing his
dissertation for a doctoral degree in cybersecurity. His many
certifications include CISSP-ISSEP, CRISC, and CySA+. He has
narrated and produced over 30 computer security training videos for
several training companies and is also the author of CompTIA
Mobility+ Certification All-In-One Exam Guide (Exam MB0-001),
CRISC Certified in Risk and Information Systems Control All-In-One
Exam Guide, Mike Meyers’ CompTIA Security+ Certification Guide
(Exam SY0-401), and contributing author/technical editor for the
popular CISSP All-In-One Exam Guide, Eighth Edition, all from
McGraw Hill.
Copyright © 2021 by McGraw Hill. All rights reserved. Except as
permitted under the United States Copyright Act of 1976, no part of
this publication may be reproduced or distributed in any form or by
any means, or stored in a database or retrieval system, without the
prior written permission of the publisher.

ISBN: 978-1-26-047364-3
MHID: 1-26-047364-3

The material in this eBook also appears in the print version of this
title: ISBN: 978-1-26-047363-6, MHID: 1-26-047363-5.

eBook conversion by codeMantra


Version 1.0

All trademarks are trademarks of their respective owners. Rather
than put a trademark symbol after every occurrence of a
trademarked name, we use names in an editorial fashion only, and
to the benefit of the trademark owner, with no intention of
infringement of the trademark. Where such designations appear in
this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity
discounts to use as premiums and sales promotions or for use in
corporate training programs. To contact a representative, please visit
the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw Hill from sources believed
to be reliable. However, because of the possibility of human or
mechanical error by our sources, McGraw Hill, or others, McGraw Hill
does not guarantee the accuracy, adequacy, or completeness of any
information and is not responsible for any errors or omissions or the
results obtained from the use of such information.

TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its
licensors reserve all rights in and to the work. Use of this work is
subject to these terms. Except as permitted under the Copyright Act
of 1976 and the right to store and retrieve one copy of the work,
you may not decompile, disassemble, reverse engineer, reproduce,
modify, create derivative works based upon, transmit, distribute,
disseminate, sell, publish or sublicense the work or any part of it
without McGraw-Hill Education’s prior consent. You may use the
work for your own noncommercial and personal use; any other use
of the work is strictly prohibited. Your right to use the work may be
terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND
ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO
THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS
TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY
INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA
HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR
A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do
not warrant or guarantee that the functions contained in the work
will meet your requirements or that its operation will be
uninterrupted or error free. Neither McGraw-Hill Education nor its
licensors shall be liable to you or anyone else for any inaccuracy,
error or omission, regardless of cause, in the work or for any
damages resulting therefrom. McGraw-Hill Education has no
responsibility for the content of any information accessed through
the work. Under no circumstances shall McGraw-Hill Education
and/or its licensors be liable for any indirect, incidental, special,
punitive, consequential or similar damages that result from the use
of or inability to use the work, even if any of them has been advised
of the possibility of such damages. This limitation of liability shall
apply to any claim or cause whatsoever whether such claim or cause
arises in contract, tort or otherwise.
To my forever partner and wife Maryann and my children Joshua
Wesley and Samuel Hunter, who supported and encouraged me
throughout this endeavor.
CONTENTS AT A GLANCE
Part I Threat and Vulnerability Management

Chapter 1 The Importance of Threat Data and Intelligence

Chapter 2 Threat Intelligence in Support of Organizational Security

Chapter 3 Vulnerability Management Activities

Chapter 4 Vulnerability Assessment Tools

Chapter 5 Threats and Vulnerabilities Associated with Specialized Technology

Chapter 6 Threats and Vulnerabilities Associated with Operating in the Cloud

Chapter 7 Mitigating Controls for Attacks and Software Vulnerabilities

Part II Software and Systems Security

Chapter 8 Security Solutions for Infrastructure Management

Chapter 9 Software Assurance Best Practices

Chapter 10 Hardware Assurance Best Practices

Part III Security Operations and Monitoring

Chapter 11 Data Analysis in Security Monitoring Activities

Chapter 12 Implement Configuration Changes to Existing Controls to Improve Security
Chapter 13 The Importance of Proactive Threat Hunting

Chapter 14 Automation Concepts and Technologies

Part IV Incident Response

Chapter 15 The Importance of the Incident Response Process

Chapter 16 Appropriate Incident Response Procedures

Chapter 17 Analyze Potential Indicators of Compromise

Chapter 18 Utilize Basic Digital Forensics Techniques

Part V Compliance and Assessment

Chapter 19 The Importance of Data Privacy and Protection

Chapter 20 Security Concepts in Support of Organizational Risk Mitigation

Chapter 21 The Importance of Frameworks, Policies, Procedures, and Controls

Part VI Appendixes

Appendix A Objective Map

Appendix B About the Online Content


CONTENTS
Acknowledgments

Introduction

Part I Threat and Vulnerability Management

Chapter 1 The Importance of Threat Data and Intelligence


Questions
Quick Answer Key
Answers

Chapter 2 Threat Intelligence in Support of Organizational Security


Questions
Quick Answer Key
Answers

Chapter 3 Vulnerability Management Activities


Questions
Quick Answer Key
Answers

Chapter 4 Vulnerability Assessment Tools


Questions
Quick Answer Key
Answers

Chapter 5 Threats and Vulnerabilities Associated with Specialized
Technology
Questions
Quick Answer Key
Answers
Chapter 6 Threats and Vulnerabilities Associated with Operating in
the Cloud
Questions
Quick Answer Key
Answers

Chapter 7 Mitigating Controls for Attacks and Software
Vulnerabilities
Questions
Quick Answer Key
Answers

Part II Software and Systems Security

Chapter 8 Security Solutions for Infrastructure Management


Questions
Quick Answer Key
Answers

Chapter 9 Software Assurance Best Practices


Questions
Quick Answer Key
Answers

Chapter 10 Hardware Assurance Best Practices


Questions
Quick Answer Key
Answers

Part III Security Operations and Monitoring

Chapter 11 Data Analysis in Security Monitoring Activities


Questions
Quick Answer Key
Answers
Chapter 12 Implement Configuration Changes to Existing Controls
to Improve Security
Questions
Quick Answer Key
Answers

Chapter 13 The Importance of Proactive Threat Hunting


Questions
Quick Answer Key
Answers

Chapter 14 Automation Concepts and Technologies


Questions
Quick Answer Key
Answers

Part IV Incident Response

Chapter 15 The Importance of the Incident Response Process


Questions
Quick Answer Key
Answers

Chapter 16 Appropriate Incident Response Procedures


Questions
Quick Answer Key
Answers

Chapter 17 Analyze Potential Indicators of Compromise


Questions
Quick Answer Key
Answers

Chapter 18 Utilize Basic Digital Forensics Techniques


Questions
Quick Answer Key
Answers

Part V Compliance and Assessment

Chapter 19 The Importance of Data Privacy and Protection


Questions
Quick Answer Key
Answers

Chapter 20 Security Concepts in Support of Organizational Risk
Mitigation
Questions
Quick Answer Key
Answers

Chapter 21 The Importance of Frameworks, Policies, Procedures,
and Controls
Questions
Quick Answer Key
Answers

Part VI Appendixes

Appendix A Objective Map


Exam CS0-002

Appendix B About the Online Content


System Requirements
Your Total Seminars Training Hub Account Privacy Notice
Single User License Terms and Conditions
TotalTester Online Performance-Based Questions
Technical Support
ACKNOWLEDGMENTS
A huge thank you to McGraw Hill and specifically Lisa McClain for
giving me this opportunity and setting me up for success. Thanks to
Emily Walters for all the assistance and the attempt to keep me on
schedule.
I also want to extend a special thanks to Bobby Rogers for his
technical editing and advice both prior to and during this project. I
can’t forget Bart Reed—his copyedits were invaluable.
Most of all, I owe a great debt of gratitude to my entire family.
Thank you for the support and patience. I promise we will take that
vacation!
INTRODUCTION
This book provides practice exam questions covering 100 percent of
the objectives for the CompTIA CySA+ CS0-002 exam. Between the
book and online test engine, you will get more than 500 practice
questions intended to help you prepare for this challenging exam.

CySA+: Why Should You Get It?


The CySA+ certification offers a great follow-on option from the
Core-level CompTIA Security+ certification. This certification fits best
for cybersecurity practitioners with at least four years of hands-on
experience and prepares them to take on more advanced tasks such
as the following:
• Identifying and evaluating threat intelligence
• Creating or improving threat detection measures
• Analyzing and interpreting threat detection sensor data
• Recommending threat prevention techniques
• Implementing incident response and recovery efforts
As you can ascertain by the tasks listed, the CySA+ is specialized
and focused on cybersecurity skills most closely associated with
typical functions in a Security Operations Center or DOD
Cybersecurity Service Provider (CSSP). The CySA+ certification will
fulfill multiple requirements for professional certification, including
the DOD 8570 Information Assurance Technical (IAT) Level II, CSSP
Analyst, CSSP Infrastructure Support, CSSP Incident Responder, and
CSSP Auditor. Additionally, the CySA+ is growing in recognition
because of its emphasis on in-demand skills, an excellent way of
progressing from Core-level skills/certifications such as Network+
and Security+ to the next intermediate level. Plus, the return on
investment for the time and cost invested to achieve CySA+ is
excellent!

CySA+ in Cybersecurity Careers


CySA+ certification supports your pursuit of cybersecurity positions
such as the following:

The CySA+ CS0-002 Exam


The CySA+ exam includes performance-based (simulation-style)
questions in addition to traditional multiple-choice questions. The
performance-based questions are intended to verify candidates have
not only the knowledge but also the ability/skills to apply the
knowledge.
• Number of Questions: Maximum of 85 questions
• Type of Questions: Multiple choice and performance based
• Length of Test: 165 minutes
• Passing Score: 750 (on a scale of 100–900)
To prepare for the exam, utilize a robust set of study materials
such as the CompTIA CySA+ Cybersecurity Analyst Certification All-
in-One Exam Guide, Second Edition (Exam CS0-002), and practice
exams like the ones contained in this book, combined with hands-on
experience using tools of the trade. Here are some tips for preparing
for the exam:
• Be familiar with the exam objectives, including sub-objectives
• Plan your study time
• Practice both taking practice exams and using tools of the
trade
• Take notes for later review during your study and practice
sessions

Exam Structure
The following table lists the extent to which each exam domain is
represented both in this book and in the examination.

Exam-Taking Techniques
• Time management is key; know how much time to spend on
each question.
• Performance-based questions will take more time than
multiple-choice questions.
• Read questions carefully; identify key words to understand the
nature of each question.
• Pay attention; some questions may require more than one
response.
• Performance-based questions can be presented at any point in
the exam.
• Double-check your answers if you have time at the end of the
test.
• Stay calm throughout the exam; trust that your test
preparation will pay off.

How to Use This Book


It is important to note this is a practice exam book and not a study
guide. Use the practice exam to do the following:
• Practice your exam techniques and timing.
• Assess your knowledge in the various topic areas covered by
the exam.
• Tailor your study efforts to the areas you identify need
improvement.
• Determine if you are ready to take the exam.
Not only does this book contain practice exam questions but it
further contains detailed explanations for each question, providing
rationales for both correct and incorrect answers. The detailed
answers corroborate the correct answers and provide clarification for
incorrect answers. The detailed explanations are an invaluable
resource for exam preparation.

Using the Objective Map


The objective map included in Appendix A has been constructed to
help you cross-reference the official exam objectives from CompTIA
with the relevant coverage in the book. References have been
provided for the exam objectives exactly as CompTIA has presented
them, along with the chapter and question numbers.
Online Practice Exams
This book includes access to online practice exams that feature the
TotalTester Online exam test engine, which allows you to generate a
complete practice exam or to generate quizzes by chapter or by
exam domain. See Appendix B for more information and instructions
on how to access the exam tool.
PART I
Threat and Vulnerability
Management
Chapter 1 The Importance of Threat Data and Intelligence
Chapter 2 Threat Intelligence in Support of Organizational
Security
Chapter 3 Vulnerability Management Activities
Chapter 4 Vulnerability Assessment Tools
Chapter 5 Threats and Vulnerabilities Associated with
Specialized Technology
Chapter 6 Threats and Vulnerabilities Associated with
Operating in the Cloud
Chapter 7 Mitigating Controls for Attacks and Software
Vulnerabilities
CHAPTER 1
The Importance of Threat Data
and Intelligence
This chapter includes questions on the following topics:
• The foundations of threat intelligence
• Common intelligence sources and the intelligence cycle
• Effective use of indicators of compromise
• Information sharing best practices

We discovered in our research that insider threats are not viewed as
seriously as external threats, like a cyberattack. But when companies
had an insider threat, in general, they were much more costly than
external incidents. This was largely because the insider that is smart
has the skills to hide the crime, for months, for years, sometimes
forever.

–Dr. Larry Ponemon

Threat actors are taking advantage of technology proliferation and
utilizing mostly the same tactics, techniques, and procedures (TTPs).
The trend of connecting everything to the Internet (industrial control
systems, medical devices, smart cars, and so on) has created a
target-rich environment for the threat actors. The speed at which
these technologies are being deployed is faster than they can be
secured.
As a cybersecurity analyst, you must have the knowledge and skill
to discover and thwart these activities. Threat actors cannot be
allowed to easily penetrate and exploit the resources you are
protecting. To defend against these activities requires continuous
research and analysis. This chapter is intended to get you started
toward adding and/or honing those skills.

QUESTIONS

1. Ensuring the threat intelligence is tailored to the specific
environment and audience refers to which threat source
characteristic?
A. Accuracy
B. Relevancy
C. Confidence
D. Timeliness
2. Utilizing a Google operator technique such as
inurl:/administrator/index.php or filetype:xls to search for free
and public web-based intelligence is an example of utilizing
which type of intelligence source?
A. SIGINT
B. HUMINT
C. OSINT
D. MASINT
3. The threat events designated as Titan Rain continued for at
least three years before they were discovered. The operators
were highly trained, possessed significant resources, and took
great care to cover their tracks. Based on these characteristics,
which type of threat does this describe?
A. APT
B. Zero-day
C. Known
D. Unknown
4. Which industry-specific organization facilitates sharing of threat
information and best practices relevant to the specific and
common infrastructure of an industry?
A. ISAOs
B. STIXs
C. TAXIIs
D. ISACs
5. A threat actor is an entity responsible for an event or incident
that impacts the security of another entity. Which of the
following is not classified as a threat actor?
A. Organized crime
B. Natural disaster
C. Hacktivist
D. Nation-state
6. Maryann is a cybersecurity analyst reviewing threat intelligence
reports. She would like to rank her research based on an
estimate that can distinguish high-quality threat intelligence
from lesser quality. What can she use to achieve this goal?
A. Competing hypotheses
B. Confidence levels
C. Structured Threat Information eXpression (STIX)
D. Traffic Light Protocol
7. Communication from consumers used by analysts to review
their performance and improve their future performance
describes which phase of the intelligence cycle?
A. Feedback
B. Collection
C. Dissemination
D. Analysis
8. Samuel belongs to a hacking club that coordinates its efforts to
bring light to an issue or promote a cause. This group typically
does not hide its actions, uses readily available tools, and
wants to bring attention to its activities, seeking to reduce
public trust and confidence in its targets. Which threat actor
group would Samuel’s club be classified as?
A. Intentional insider threat
B. Organized crime
C. Nation-state
D. Hacktivist
9. _______________ is a framework used to organize information
about an attacker’s TTPs and other indicators of compromise in
a machine-readable format for easy sharing and follow-on
automation.
A. TAXII
B. STIX
C. OpenIOC
D. APT
10. Instead of taking the time to develop his own malware,
Joshua just negotiated the purchase of malicious software on
the dark web. This scenario describes the purchase of what
type of software?
A. Crimeware
B. Ransomware
C. Commodity malware
D. Zero-day malware
11. Which process involves organizing cybersecurity threats into
classes such as known, unknown, zero-day, and APT?
A. Indicator management
B. Intelligence cycle
C. Course of action
D. Threat classification
12. The process depicted in the following illustration is used by
analysts to develop finished actionable products from raw
unprocessed data.
What is the name of this process?
A. Collection plan
B. Intelligence cycle
C. Feedback loop
D. Data analysis
13. Tim has been performing data analysis on his project for
almost a complete month. Tim accidentally overwrote his results
file and discovered he did not have a backup copy. This
situation is an example of which type of threat actor?
A. Unintentional insider threat
B. Hacktivist
C. Intentional insider threat
D. APT
14. Information sharing and analysis centers (ISACs) and
information sharing and analysis organizations (ISAOs) have a
similar purpose and goals. What is one clear difference
between these two organizations?
A. ISAOs are public.
B. ISAOs are voluntary.
C. ISACs are industry specific.
D. ISACs develop best practices.

QUICK ANSWER KEY


1. B
2. C
3. A
4. D
5. B
6. B
7. A
8. D
9. C
10. C
11. D
12. B
13. A
14. C
ANSWERS
1. Ensuring the threat intelligence is tailored to the specific
environment and audience refers to which threat source
characteristic?
A. Accuracy
B. Relevancy
C. Confidence
D. Timeliness
B is correct. Relevancy is determined by a technique known
as relevance scoring, which correlates properties of the
threat intelligence to properties of the organization (i.e.,
industry, hardware/software in use, location, etc.) so
analysts can prioritize indicators that are specific to the
organization over other indicators and thereby make their
analysis more efficient.
A, C, and D are incorrect. A is incorrect because accuracy
refers to the data being factually correct. C is incorrect
because confidence is not a characteristic of threat
intelligence. D is incorrect because timeliness is not
related to the environment or audience.
2. Utilizing a Google operator technique such as
inurl:/administrator/index.php or filetype:xls to search for free
and public web-based intelligence is an example of utilizing
which type of intelligence source?
A. SIGINT
B. HUMINT
C. OSINT
D. MASINT
C is correct. OSINT, or open source intelligence, is free
information available from public sources such as in
newspapers, blogs, web pages, social media, images,
podcasts, reading public forums, or watching YouTube
videos.
A, B, and D are incorrect. A is incorrect because SIGINT,
or signals intelligence, is done through intercepts of
communications. B is incorrect because HUMINT, or
human intelligence, comes from human sources. D is
incorrect because MASINT, or measurement and signature
intelligence, is derived from data other than imagery and
SIGINT.
3. The threat events designated as Titan Rain continued for at
least three years before they were discovered. The operators
were highly trained, possessed significant resources, and took
great care to cover their tracks. Based on these characteristics,
which type of threat does this describe?
A. APT
B. Zero-day
C. Known
D. Unknown
A is correct. Advanced persistent threats (APTs) are
characterized by their use of tactics, techniques, and
procedures possessed by well-resourced (nation-state or
large criminal) organizations with very experienced and
well-trained attackers and their ability to remain hidden
and undiscovered for long periods of time, allowing them
to exfiltrate large amounts of data until discovered or
thwarted.
B, C, and D are incorrect. B is incorrect because a zero-day
threat is one that has never before been seen in
public. C is incorrect because a known threat is a threat
that has been seen before and therefore its signatures
can be used to detect it. D is incorrect because an
unknown threat has not been encountered before and
therefore requires behavioral analytics to detect.
4. Which industry-specific organization facilitates sharing of threat
information and best practices relevant to the specific and
common infrastructure of an industry?
A. ISAOs
B. STIXs
C. TAXIIs
D. ISACs
D is correct. ISACs, or information sharing and analysis
centers, were created to make threat data and best
practices more accessible for their respective industries.
A, B, and C are incorrect. A is incorrect because ISAOs are
not aligned to a specific industry. B is incorrect because
STIX is not an information-sharing body/community. C is
incorrect because TAXII is also not an information-sharing
body/community.
5. A threat actor is an entity responsible for an event or incident
that impacts the security of another entity. Which of the
following is not classified as a threat actor?
A. Organized crime
B. Natural disaster
C. Hacktivist
D. Nation-state
B is correct. Although natural disasters are classified as a
threat source, they are classified within the Environmental
category. Threat actors fall within the Adversarial category.
A, C, and D are incorrect. These are all types of threat
actors.
6. Maryann is a cybersecurity analyst reviewing threat intelligence
reports. She would like to rank her research based on an
estimate that can distinguish high-quality threat intelligence
from lesser quality. What can she use to achieve this goal?
A. Competing hypotheses
B. Confidence levels
C. Structured Threat Information eXpression (STIX)
D. Traffic Light Protocol
B is correct. Confidence levels are created using estimative
language and reflect the scope and quality of the
information supporting analytical assessment judgements.
A, C, and D are incorrect. A is incorrect because
competing hypotheses is an analysis technique used to
evaluate multiple hypotheses to reveal potential actors,
not the quality of threat intelligence. C is incorrect
because STIX is a framework used to communicate threat
data as a standardized lexicon. D is incorrect because
Traffic Light Protocol is used to guide responsible sharing
of sensitive information.
7. Communication from consumers used by analysts to review
their performance and improve their future performance
describes which phase of the intelligence cycle?
A. Feedback
B. Collection
C. Dissemination
D. Analysis
A is correct. Feedback describes the phase where
consumers communicate information to help you improve
future products. Feedback is critical to understand the
needs of your consumers and help you adjust the type of
data to collect, how to process the data, how to analyze
and present the data, and to whom it should be
disseminated.
B, C, and D are incorrect. B is incorrect because collection
is the process of gathering data in an attempt to fill
intelligence gaps. C is incorrect because dissemination is
the process used to distribute requested intelligence data
to the customer. D is incorrect because analysis is the
process of making sense out of the data you already have.
8. Samuel belongs to a hacking club that coordinates its efforts to
bring light to an issue or promote a cause. This group typically
does not hide its actions, uses readily available tools, and
wants to bring attention to its activities, seeking to reduce
public trust and confidence in its targets. Which threat actor
group would Samuel’s club be classified as?
A. Intentional insider threat
B. Organized crime
C. Nation-state
D. Hacktivist
D is correct. Hacktivists use social media and defacement
tactics and look to bring attention to their cause and
notoriety for their own organization.
A, B, and C are incorrect. A is incorrect because an
intentional insider threat tries to be stealthy to prevent
detection of their nefarious actions. B is incorrect because
organized crime also tries to avoid detection of their
criminal activities, and their main objective is financial
gain. C is incorrect because nation-states have the most
resources and use the most sophisticated techniques to
achieve political and military goals.
9. _______________ is a framework used to organize information
about an attacker’s TTPs and other indicators of compromise in
a machine-readable format for easy sharing and follow-on
automation.
A. TAXII
B. STIX
C. OpenIOC
D. APT
C is correct. OpenIOC is a framework for organizing
indicators of compromise (IOCs) and attacker tactics,
techniques, and procedures (TTPs) in a format for easy
sharing and automation.
A, B, and D are incorrect. A is incorrect because TAXII
specifies the structure for how information and
accompanying messages are exchanged. B is incorrect
because STIX expression is a framework used to
communicate threat data as a standardized lexicon. D is
incorrect because APT is a type of threat whose goal is to
maintain access for long periods of time without being
detected.
10. Instead of taking the time to develop his own malware,
Joshua just negotiated the purchase of malicious software on
the dark web. This scenario describes the purchase of what
type of software?
A. Crimeware
B. Ransomware
C. Commodity malware
D. Zero-day malware
C is correct. Commodity malware is often available for
purchase or free to download, is normally not customized,
and is used by a large number of threat actors.
A, B, and D are incorrect. A is incorrect because
crimeware is a class of malware designed specifically to
automate cybercrime. B is incorrect because ransomware
is a type of malware from cryptovirology that holds a
victim’s data hostage until a ransom is paid. D is incorrect
because zero-day is malware or an attack that’s exploited
before a fix becomes available.
11. Which process involves organizing cybersecurity threats into
classes such as known, unknown, zero-day, and APT?
A. Indicator management
B. Intelligence cycle
C. Course of action
D. Threat classification
D is correct. Threat classification involves organizing
cybersecurity threats into classes. There are multiple
approaches but most either classify threats by attack
techniques or by threat impacts.
A, B, and C are incorrect. A is incorrect because indicator
management involves collecting and analyzing data to
create indicators of compromise so they can be shared. B
is incorrect because intelligence cycle refers to converting
an IOC into something actionable for remediation or
detection at a later point. C is incorrect because course of
action is a preventative or response action taken to
address an attack.
12. The process depicted in the following illustration is used by
analysts to develop finished actionable products from raw
unprocessed data.
What is the name of this process?
A. Collection plan
B. Intelligence cycle
C. Feedback loop
D. Data analysis
B is correct. The intelligence cycle includes the following
phases: Requirements, Collection, Analysis, Dissemination,
and Feedback.
A, C, and D are incorrect. A is incorrect because the
collection plan is only one part of one phase. C is incorrect
because “feedback loop” was not discussed in this chapter
and is not normally associated with the intelligence
processes. D is incorrect because data analysis is only one
phase of the intelligence cycle.
13. Tim has been performing data analysis on his project for
almost a complete month. Tim accidentally overwrote his results
file and discovered he did not have a backup copy. This
situation is an example of which type of threat actor?
A. Unintentional insider threat
B. Hacktivist
C. Intentional insider threat
D. APT
A is correct. An unintentional insider threat does not have
malicious intent and is commonly associated with mistakes
or insufficient training.
B, C, and D are incorrect. B is incorrect because
hacktivists have malicious intent and are often motivated
by a cause. C is incorrect because the actions of an
intentional insider threat are malicious in nature and are
not accidental. D is incorrect because an APT is malicious
and intentional.
14. Information sharing and analysis centers (ISACs) and
information sharing and analysis organizations (ISAOs) have a
similar purpose and goals. What is one clear difference
between these two organizations?
A. ISAOs are public.
B. ISAOs are voluntary.
C. ISACs are industry specific.
D. ISACs develop best practices.
C is correct. ISACs are industry specific.
A, B, and D are incorrect. A is incorrect because both
ISAOs and ISACs are public. B is incorrect because both
ISAOs and ISACs are voluntary. D is incorrect because
both ISAOs and ISACs develop best practices.
CHAPTER 2
Threat Intelligence in Support of
Organizational Security
This chapter includes questions on the following topics:
• Types of threat intelligence
• Attack frameworks and their use in leveraging threat
intelligence
• Threat modeling methodologies
• How threat intelligence is best used in other security functions

Threat is a mirror of security gaps. Cyber-threat is mainly a reflection
of our weaknesses.
–Stéphane Nappo

Based on recent studies, an increasing number of organizations
believe that participation in threat intelligence sharing improves
cybersecurity posture. One of the benefits from this participation is
believed to be an increased ability to detect, contain, and respond to
security incidents. Automation has been key to this increasing trend,
and the emergence of threat intelligence providers such as FireEye,
CrowdStrike, and so forth has made threat intelligence more
available today than ever before.
In this chapter, we continue to review threat intelligence. The
ability to identify intelligence types and utilize frameworks to process
the data into a more usable form can differentiate one cybersecurity
analyst from another. Obviously, the analyst can maximize these
skills not only to help their employer but also to progress towards
their next career goal.

QUESTIONS

1. Joshua, a security team analyst, is using a framework as he
analyzes security incidents. The framework he is using serves
as an encyclopedia of previously observed tactics from bad
actors and enables tracking adversarial behavior over time,
based on observed activity shared with the security community.
Which framework is Joshua using?
A. Lockheed Martin Cyber Kill Chain
B. Diamond Model of Intrusion Analysis
C. X-Force IRIS cyberattack
D. MITRE ATT&CK
2. A security engineer analyzes computer networks, ensures
they’re running securely, and tries to foresee possible security
issues that may arise in the future so that protections can be
built into a system from the beginning. How does sharing
threat intelligence with security engineers provide a benefit?
(Choose all that apply.)
A. Allows quick action when dealing with new threats
B. Provides insight into the possible effectiveness of security
measures
C. Enables security engineers to operationalize
countermeasures to specific adversary tactics
D. Prepares them to predict the capability, intent, and
opportunity for a threat in the future
3. Attack vectors are used by threat actors to gain unauthorized
access to a device or network for nefarious purposes. Which of
the following is not an example of an attack vector?
A. E-mail attachment
B. TCP intercept
C. Social engineering
D. Vulnerable web server
4. Talos and VirusTotal provide lookup information on potentially
malicious URLs, domains, and IP addresses across the Internet
and rate them on the potential of being risky based on
association with the following types of data or activities:
malware, spyware, spam, phishing, fraud, and so on. The data
described is commonly referred to as which type of data?
A. Reputation
B. Indicator of compromise
C. Attack vector
D. Kill chain
5. Ron is performing post-attack analysis of an incident and
tracing the attacker’s activities through the seven linear phases
in hopes he can develop protections to stop future attacks in
their earlier phases. Based on this information, Ron is most
likely using which of the following frameworks to complete his
analysis?
A. Diamond Model of Intrusion Analysis
B. X-Force IRIS cyberattack
C. Lockheed Martin Cyber Kill Chain
D. MITRE ATT&CK
6. Threat intelligence shared with which group enables them to
prepare, develop strong processes, reduce time needed to
react, and update their playbook?
A. Security engineers
B. Incident responders
C. Vulnerability managers
D. Risk assessors
7. Frameworks such as the MITRE ATT&CK contribute to our
understanding of TTPs, types of threat actors, their intent, and
their strengths and weaknesses. Based on this description,
which threat modeling methodology is being leveraged?
A. Likelihood
B. Total attack surface
C. Impact
D. Adversary capability
8. Bobby is using a sandbox to evaluate a new piece of malware
his research team has collected. Executing malware inside
sandbox tools such as Cuckoo and REMnux to determine and
understand what the software is doing falls into which category
of threat research?
A. Behavioral
B. Reputational
C. Capability
D. Indicator
9. Penetration testers, software developers, and system architects
should identify all the ways your system can be exploited by
attackers, both digitally and physically. This is also known as
_______________ and will identify the parts of the system
that need to be reviewed and tested for security vulnerabilities.
A. attack vector
B. system topology
C. total attack surface
D. indicators of compromise
10. The following diagram can be used to describe how an
adversary uses a capability in an infrastructure against a victim
and can be used to capture and communicate details about
malicious activity.
Which of the following is the nomenclature for this diagram?
A. X-Force IRIS cyberattack
B. Lockheed Martin Cyber Kill Chain
C. MITRE ATT&CK
D. The Diamond Model of Intrusion Analysis

QUICK ANSWER KEY


1. D
2. B, C
3. B
4. A
5. C
6. B
7. D
8. A
9. C
10. D

ANSWERS
1. Joshua, a security team analyst, is using a framework as he
analyzes security incidents. The framework he is using serves
as an encyclopedia of previously observed tactics from bad
actors and enables tracking adversarial behavior over time,
based on observed activity shared with the security community.
Which framework is Joshua using?
A. Lockheed Martin Cyber Kill Chain
B. Diamond Model of Intrusion Analysis
C. X-Force IRIS cyberattack
D. MITRE ATT&CK
D is correct. MITRE ATT&CK is the framework that enables
tracking adversarial behavior over time based on observed
activity shared with the community.
A, B, and C are incorrect. A is incorrect because the Cyber
Kill Chain is based on the seven stages of a cyberattack. B
is incorrect because the Diamond Model is used to capture
and communicate details about malicious activity. C is
incorrect because the X-Force IRIS cyberattack helps
organizations predict the steps an adversary might take to
infiltrate corporate networks.
2. A security engineer analyzes computer networks, ensures
they’re running securely, and tries to foresee possible security
issues that may arise in the future so that protections can be
built into a system from the beginning. How does sharing
threat intelligence with security engineers provide a benefit?
(Choose all that apply.)
A. Allows quick action when dealing with new threats
B. Provides insight into the possible effectiveness of security
measures
C. Enables security engineers to operationalize
countermeasures to specific adversary tactics
D. Prepares them to predict the capability, intent, and
opportunity for a threat in the future
B and C are correct. Security engineers can utilize threat
intelligence to provide insight into the effectiveness of
security measures and operationalize countermeasures to
specific adversary tactics.
A and D are incorrect. A is incorrect because security
engineers do not normally deal directly with new threats.
D is incorrect because it is not the role of security
engineers to predict future threat possibilities.
3. Attack vectors are used by threat actors to gain unauthorized
access to a device or network for nefarious purposes. Which of
the following is not an example of an attack vector?
A. E-mail attachment
B. TCP intercept
C. Social engineering
D. Vulnerable web server
B is correct. TCP Intercept is a feature to defend against
TCP SYN flood attacks by intercepting and validating TCP
connection requests.
A, C, and D are incorrect. These are all examples of attack
vectors.
4. Talos and VirusTotal provide lookup information on potentially
malicious URLs, domains, and IP addresses across the Internet
and rate them on the potential of being risky based on
association with the following types of data or activities:
malware, spyware, spam, phishing, fraud, and so on. The data
described is commonly referred to as which type of data?
A. Reputation
B. Indicator of compromise
C. Attack vector
D. Kill chain
A is correct. Reputation data is offered by various
companies as a service. Once enrolled, every URL request
(whether in a browser or e-mail) is evaluated for security
risk by querying the reputation database and blocking
connection to known risky sites.
B, C, and D are incorrect. B is incorrect because indicators
of compromise are pieces of information on your system
that identify potential malicious activity. C is incorrect
because an attack vector is a path or means through
which a hacker can gain access to a computer or network.
D is incorrect because kill chain is a series of steps that
trace the stages of a cyberattack.
5. Ron is performing post-attack analysis of an incident and
tracing the attacker’s activities through the seven linear phases
in hopes he can develop protections to stop future attacks in
their earlier phases. Based on this information, Ron is most
likely using which of the following frameworks to complete his
analysis?
A. Diamond Model of Intrusion Analysis
B. X-Force IRIS cyberattack
C. Lockheed Martin Cyber Kill Chain
D. MITRE ATT&CK
C is correct. The Cyber Kill Chain is a method of breaking down
a cyberattack into the series of structured steps or phases
that attackers typically use to perform cyberintrusions; it is
intended to assist analysts in detecting and preventing
attacks.
A, B, and D are incorrect. A is incorrect because the
Diamond Model of Intrusion Analysis is an approach to
conducting intelligence on network intrusion events. B is
incorrect because X-Force IRIS cyberattack helps
organizations predict the steps an adversary might take to
infiltrate corporate networks. D is incorrect because
MITRE ATT&CK is a globally accessible knowledge base of
adversary tactics and techniques based on real-world
observations.
6. Threat intelligence shared with which group enables them to
prepare, develop strong processes, reduce time needed to
react, and update their playbook?
A. Security engineers
B. Incident responders
C. Vulnerability managers
D. Risk assessors
B is correct. Incident responders, by the nature of their
trade, are reactionary, relying on strong processes that are
normally documented in a “playbook.” They rely heavily
upon threat intelligence to stay prepared and enhance
their playbook, enabling them to quickly identify and
respond to the latest threats.
A, C, and D are incorrect. A is incorrect because security
engineers are not normally reactionary. C is incorrect
because vulnerability managers are all about making risk-
based decisions. D is incorrect because risk assessors
focus on impact and probability.
7. Frameworks such as the MITRE ATT&CK contribute to our
understanding of TTPs, types of threat actors, their intent, and
their strengths and weaknesses. Based on this description,
which threat modeling methodology is being leveraged?
A. Likelihood
B. Total attack surface
C. Impact
D. Adversary capability
D is correct. Adversary capability threat modeling
methodology helps us identify and understand our
Another random document with
no related content on Scribd:
sometimes became ‘liquorish’ at the table, and on one occasion made rather
free with another man’s wife to the husband’s indignation until mollified
with the assurance of his spouse that she ‘did not like him at all.’ Even so,
thought the irate husband, Hamilton ‘appears very trifling in his
conversation with ladies.’[508] And ‘trifling’ indeed must have been much of
the talk.
Thus it was at a dinner at Clymer’s, a leading member of the House.
Present, Otis, the Binghams, the Willings—the top cream of the aristocracy.
Aha, cried the vivacious sister of Mrs. Bingham, referring to the host’s
newly acquired stomacher, and mentioning the touching case of the Duke of
York, recently married to the Duchess of Württemberg who was compelled
to cut a semi-circle out of his table to give access to his plate. Mrs. Bingham
coyly expressed sympathy for the Duchess. (Bursts of laughter and
applause.) But Clymer, not to be outdone, turned to his married sister with
the comment that he would ‘soon be able to retort this excellent jest on her.’
(Renewed laughter and more applause.) It was an hilarious occasion, the
applause ‘would have done credit to a national convention’ and ‘Miss Abby
and Miss Ann did not disguise their delight nor their bosoms.’[509] On now
to a dinner at Harrison’s, who married a sister of Mrs. Bingham, where one
of the guests, ‘after rallying Sophia ... upon her unfruitfulness,’ led to a
‘natural but not very flattering transition’ which ‘introduced Mrs. Champlin
and her want of prolific qualities as a seasoning for the Canvas Backs.’[510]
But let us hurry on to a third dinner, with Hamilton, his vivacious sisters-in-
law, Mrs. Church and Miss Schuyler. A lively company! Mrs. Church, ‘the
mirror of affectation,’ who is ‘more amusing than offensive’ because so
affable and free from ceremony; and, still more lively, Miss Schuyler ‘a
young wild flirt from Albany, full of glee and apparently desirous of
matrimony.’ Mrs. Church drops her shoe bow, Miss Schuyler picks it up and
fastens it in Hamilton’s button-hole with the remark, ‘I have made you a
knight.’ ‘But what order?’ asks Mrs. Church, ‘he can’t be a knight of the
garter in this country.’ ‘True, sister, but he would be if you would let him.’
Wine, women and song—such the spirit in some of the great houses in
moments of abandon. But it would be unfair to leave the impression these
incidents would convey. There were brilliant men of vast achievement, and
women of extraordinary charm and cleverness moving behind these
curtained windows. Let us meet them in the mansion of Mrs. Bingham—the
uncrowned queen of the Federalist group—the woman without a peer.
IV

None of the three capitals of the country have produced another social
leader of the cleverness, audacity, and regality of Mrs. William Bingham.
During the eight years of the domination of the Federalists, of whom her
husband was one of the leaders, there was no public character of the first
order who did not come under the influence of her fascination. By birth,
environment, nature, and training she was fitted to play a conspicuous part in
the social life of any capital in the world. The daughter of Willing, the
partner of Robert Morris, she was the favored of fortune. Some years before
her birth, her father, inspired by sentimental motives, built the mansion on
Third Street in which she was born, and patterned it after the ancestral home
in Bristol, England. There, surrounded by all the advantages of wealth, her
beauty unfolded through a happy childhood. The pomp and pride of great
possessions did not imbue her with a passion for republics or democracy.
She was destined to play a part in a rather flamboyant aristocracy, and was
as carefully perfected in the arts and graces of her sex as any princess
destined to a throne. In the midst of the Revolution, in her sixteenth year, she
married William Bingham who combined the advantages of wealth, social
position, and a capacity for political leadership.
She was only twenty, when, accompanied by her husband, she went
abroad to captivate court circles with her vivacity, charm, and beauty. At
Versailles, the gallants, accustomed to the ways and wiles of the most
accomplished women of fashion, were entranced. At The Hague, where she
lingered awhile, the members of the diplomatic corps fluttered about the
teasing charmer like moths about the flame. In the court circles of England
she suffered nothing in comparison with the best it could offer, and the
generous Abigail Adams, thrilling to the triumph of the young American,
found her brilliancy enough to dim the ineffectual fires of Georgiana,
Duchess of Devonshire. Five years of familiarity with the leaders in the
world of European fashion and politics prepared her to preside with stunning
success over the most famous political drawing-room of the American
capital.
It was after their return from Europe that Mrs. Bingham moved into the
imposing mansion on Third Street built on the ample grounds of her
childhood home. All the arts of the architect, landscape gardener, and
interior decorator had been drawn upon to make a fit setting for the mistress.
The garden, with its flowers and rare shrubbery, its lemon, orange, and citron
trees, its aloes and exotics, was shut off from the view of the curious, only
mighty oaks and the Lombardy poplars visible above the wall—‘a
magnificent house and gardens in the best English style.’[511] The
furnishings were in keeping with the promise of the exterior. ‘The chairs in
the drawing-room were from Seddon’s in London of the newest taste, the
back in the form of a lyre, with festoons, of yellow and crimson silk,’
according to the description of an English tourist. ‘The curtains of the room
a festoon of the same. The carpet, one of Moore’s most expensive patterns.
The room papered in the French taste, after the style of the Vatican in
Rome.’[512] The halls, hung with pictures selected with fine discrimination
in Italy, gave a promise not disappointed in the elegance of the drawing-
rooms, the library, the ballroom, card-rooms, and observatory.[513] To some
this extravagant display of luxury was depressing, and Brissot de Warville,
who was to return to Paris to die on the guillotine as a leader of the ill-fated
party of the Gironde, held the
mistress of the mansion responsible for the aristocratic spirit of the town. It
was a pity, he thought, that a man so sensible and amiable as Bingham
should have permitted a vain wife to lead him to ‘a pomp which ought
forever have been a stranger to Philadelphia.’ And all this display ‘to draw
around him the gaudy prigs and parasites of Europe,’ and lead ‘to the
reproach of his fellow citizens and the ridicule of strangers.’[514] But if the
French republican was shocked, even so robust a democrat as Maclay was so
little offended that he was able to write after dining at the mansion that
‘there is a propriety, a neatness, a cleanliness that adds to the splendor of his
costly furniture and elegant apartments.’[515]

[Illustration: MRS. WILLIAM BINGHAM]

And ‘the dazzling Mrs. Bingham,’ as the conservative Abigail described
her,[516] what of her? The elegance and beauty which has come down to us
on canvas prepares us for the glowing descriptions of contemporaries. Hers
was the type of patrician beauty that shimmered. She was above the medium
height and well-formed, and in her carriage there was sprightliness, dignity,
elegance, and distinction. Sparkling with wit, bubbling with vivacity, she had
the knack of convincing the most hopeless yokel introduced into her
drawing-room by the exigencies of politics that she found his personality
peculiarly appealing. Daring at the card-table, graceful in the dance, witty in
conversation even though sometimes too adept with the naughty devices of a
Congreve dialogue, inordinately fond of all the dissipations prescribed by
fashion, tactful in the selection and placing of her guests at table, she richly
earned the scepter she waved so authoritatively over society.[517] What
though she did sometimes stain her pretty lips with wicked oaths, she swore
as daintily as the Duchess of Devonshire, and if she did seem to relish
anecdotes a bit too spicy for a puritanic atmosphere, she craved not the
privilege of breathing such air.[518]
Hers the consuming ambition to be the great lady and to introduce into
American society the ideas and ideals of Paris and London. Did Jefferson
gently chide her for her admiration of French women? Well—was she not
justified? Did they not ‘possess the happy art of making us pleased with
ourselves?’ In their conversation could they not ‘please both the fop and the
philosopher?’ And despite their seeming frivolity, did not these ‘women of
France interfere with the politics of the country, and often give a decided
turn to the fate of empires?’ In this letter to the man she admired and liked,
while loathing his politics, we have the nearest insight into the soul of the
woman.[519]
But these graver ambitions were not revealed to many who observed her
mode of life, her constant round of dissipations, her putting aside the
responsibilities of a mother, leaving her daughters to their French
governesses until the tragic elopement of Marie with a dissipated nobleman,
and the apprehension of the pair after their marriage at the home of a
milliner in the early morning. Hers were not the prim notions of the average
American of her time. It was Otis, not she, who was shocked to find Marie
so thinly dressed in mid-winter that he was ‘regaled at the sight of her whole
legs for five minutes together,’ and wondered ‘to what height the fashion
would be carried.’[520] Swearing, relating risqué stories, indulging in
dissipations night after night, shaming her motherhood by her affected
indifference or neglect, the fact remains that the breath of scandal never
touched her until the final scene when in her early thirties they bore her on a
stretcher from the home of her triumphs in the vain hope of prolonging her
life in the soft air of the Bermudas.
And so to her dinners, dances, parties, the clever men of the Federalist
Party flocked, with only a sprinkling of Jeffersonians, for, though Jefferson
himself could always count on a gracious reception from the hostess, he was
not comfortable among the other guests. Always the best was to be had there
—and the newest. Did she not introduce the foreign custom of having
servants announce the arriving guests, to the discomfiture of Monroe?
‘Senator Monroe,’ called the flunky.
‘Coming,’ cried the Senator.
‘Senator Monroe’—echoed a flunky down the hall.
‘Coming as soon as I can get my greatcoat off,’ promised the Senator.
But we may be sure that no expression of amusement on the face of the
beaming Mrs. Bingham added to his embarrassment.
‘A very pretty dinner, Madame,’ said the intolerable Judge Chase, after
looking over the proffered repast, ‘but there is not a thing on your table that I
can eat.’
An expression of surprise or resentment on the hostess’s face? Not at all.
What would the Judge relish? Roast beef? Very well—and a servant received
his orders and soon hurried back with beef and potatoes to be gluttonously
devoured and washed down with a couple of bottles of stout ale instead of
French wines.
‘There, Madame,’ said the Judge, made comfortable, ‘I have made a
sensible and excellent dinner, but no thanks to your French cook.’
And he never knew from the lady’s pleased expression that she thought
him an insufferable bore.
Such the woman whose home was to be to the Hamiltonians what
Madame Roland’s was to the Girondists, and Lady Holland’s to the English
Whigs. Now let us peep into the drawing-room and observe the men and
women who bowed to her social scepter.

In deference to Mrs. Bingham we shall permit the servant to announce
these visitors as they arrive.
‘Mr. and Mrs. Robert Morris.’
No doubt about their importance, for he was as intimate with Washington
as she with Mrs. Washington, and such was her intimacy that she was
frequently referred to as ‘the second lady in the land.’ It was she who
accompanied Mrs. Washington from Philadelphia to New York after the
inauguration, and during the spring and autumn the two might frequently be
seen under the trees at ‘The Hills,’ the Morris farm near the city, enjoying
the view of the river and such pastoral pictures as were offered by the
imported sheep and cattle grazing on the rolling hills. Of Mrs. Morris it was
said that ‘so impressive is her air and demeanor that those who saw her once
seldom forgot her.’[521] She had dignity, tact, and elegance, and, like Mrs.
Washington, no respect for ‘the filthy democrats.’ She was a thorough
aristocrat. Her husband, banker, merchant, Senator, was of imposing height,
his merry blue eyes, clear complexion, and strong features denoting
something of his significance; and he had the social graces that captivate and
hold. His wealth alone would have made him a commanding figure in the
society of the time and place. Some generations were to settle on his grave
before he was to appear as the martyr who had sacrificed a fortune to liberty,
for there was a different understanding in his day.[522] A natural aristocrat,
ultra-conservative because of his business connections and great
possessions, if he was tolerant of the experiment in republicanism, he took
no pains to conceal his contempt of democracy—in Senate or drawing-room.
‘Mrs. Walter Stewart.’
Another of the intimate circle of the Washingtons who dwelt in a fine
house next door to the Morrises, she was one of the most brilliant and
fascinating women with whom Mrs. Bingham liked to surround herself. A
long way she had traveled from her girlhood home as the daughter of Blair
McClenachan, the ardent democrat who was to help burn Jay’s Treaty,
welcome Genêt, and to follow Jefferson, for she was the wife of the rich
General Stewart, and had been seduced by the glitter of the aristocracy. Like
Mrs. Bingham, she had had her fling with the nobility in London, Paris,
Berlin, and Rome, and had returned to open her house for some of the most
elaborate entertaining of her time. In striking beauty, conversational charm,
and a caressing manner, she rivaled Mrs. Bingham at her best. About her
dinner table the leaders of the Federalist Party were frequently found.[523]
‘Mrs. Samuel Powell.’
An interesting lady, ‘who looks turned fifty,’[524] enters to be greeted by
the hostess as ‘Aunt.’ A courteous, kindly woman, almost motherly in her
manner, she talks with the fluency and ease to be expected of the mistress of
the famous house on ‘Society Hill.’[525] No one of Mrs. Bingham’s guests
who has not promenaded on summer evenings in the Powell gardens, the
walks lined with statuary.[526]
‘General and Mrs. Knox.’
An impressive figure, the Secretary of War, his height carrying the two
hundred and eighty pounds not ungracefully, his regular Grecian nose, florid
complexion, bright, penetrating eyes giving an attractive cast to his
countenance. They who know him best suspect that he enjoys too well the
pleasures of the table, but love him for a kindliness that temper cannot sour,
a sincerity and generosity that know no bounds, a gayety that his dignity
cannot suppress—a fine sentimental figure with a Revolutionary
background. What though he had been a bookseller before he eloped with a
lady of quality, he was too keenly appreciative of the advantages of
aristocracy to have much patience with the queer notions of Tom Jefferson,
whom he liked. He rubbed his shins when Hamilton stumbled over a chair.
And Mrs. Knox—she must have been a dashing belle in her romantic
youth, for despite her enormous weight, she was still handsome with her
black eyes and blooming cheeks.[527] Passing her girlhood in the Loyalist
atmosphere of an aristocratic home, she had never become reconciled to the
impertinence of the people, and even during the war her adoring Henry had
been moved to warn her against sneering openly at the manners and speech
of the people of Connecticut. ‘The want of refinement which you seem to
speak of is, or will be, the salvation of America,’ he wrote.[528] But hers was
the more masterful nature and his democracy was to capitulate to her
aristocracy in the end.[529] But—whither goes the lady from the drawing-
room so quickly? Ah—of course, it is to the card-room, for was it not the
gossip that ‘the follies of a gambling wife are passed on to the debits of her
husband?’[530] In the morning, no doubt, she will run in on Mrs. Washington
at the Morris house, for they are very close.
‘Mr. and Mrs. Alexander Hamilton.’
What a romantic picture he makes in the finery that sets him off so well—
brilliant eyes sparkling, eloquent lips smiling, a courtly figure bending over
the hostess’s hand. Only a moment for the lightest kind of banter with the
ladies, and he is off to the Pemberton mansion to work far into the night.
Mrs. Hamilton will linger a little longer, an appealing type of woman, her
delicate face set off by ‘fine eyes which are very dark’ and ‘hold the life and
energy of the restrained countenance.’[531] Hamilton had found her in the
Schuyler homestead at Albany, ‘a brunette with the most good-natured, dark
lovely eyes,’[532] gentle, retiring, but in the home circle full of gayety and
courage. Weeks and months sometimes found her missing from the social
circle, for with her, in those days, life was just one baby after another.
‘Mr. and Mrs. Oliver Wolcott, and Miss Wolcott.’
A pleasing personality was that of the handsome protégé of Hamilton,
breathing the spirit of jollity, given to badinage, capable, too, of serious
conversation on books and plays. He loses himself in the lively throng, but
his infectious laughter is as revealing of his presence as the bell of Bossy in
the woods. But we are more interested in his companions. Mrs. Wolcott was
all loveliness and sweetness, grace and dignity, and such was the appeal of
her conversation that one statesman thought her ‘a divine woman’; another,
‘the magnificent Mrs. Wolcott’; and the brusque Senator Tracy of her State,
on being assured by a condescending diplomat that she would shine at any
court, snorted that she even shone at Litchfield.[533] Even so the eyes of the
younger men are upon Mary Ann Wolcott, sister of the Federalist leader, a
pearl of her sex, combining an extraordinary physical beauty with opulent
charms, and a conversational brilliance unsurpassed by any woman of the
social circle. Very soon she would marry the clever, cynical Chauncey
Goodrich and take her place in official society in her own right. The
Wolcotts, we may be sure, read Paine’s ‘Rights of Man’ with amazement and
disgust.
‘Mr. and Mrs. Theodore Sedgwick.’
A magnificent type of physical manhood, the face of one accustomed to
command and sneer down opposition; a woman of elegance and refinement,
typical of the best New England could offer in a matron.
‘Pierce Butler.’
A handsome widower this man, maintaining an elegant establishment in
Philadelphia, who affected to be a democrat, and carefully selected his
associates from among the aristocracy, a South Carolinian with a certain
reverence for wealth.
‘Mrs. William Jackson.’
An equally charming but less beautiful sister of the hostess, now wife of
one of Washington’s secretaries, a favorite at the Morris mansion, and with
no time for thinking on the grievances of the yokels and mechanics—an
American prototype of the merry ladies of Versailles before the storm broke.
Among the foreign faces we miss the tall figure of Talleyrand whose
Philadelphia immoralities shocked the French Minister, and whose affairs
with a lady of color[534] excluded him from the Bingham drawing-room. But
there is Viscount de Noailles who had proposed the abolition of feudal rights
in the early days of the French Revolution; and Count Tilley, the dissipated
roué planning an elopement with his hostess’s daughter with the connivance
of her French governess; and Brissot de Warville, enlightened political
idealist of France soon to fall beneath the knife of Robespierre. There, too,
the Duc de La Rochefoucauld-Liancourt who was redolent of courts, and the
Baring brothers of London, bankers, soon to marry the Bingham girls.
A veritable Vanity Fair, many clever, some brilliant, most skeptical of
republics, idolatrous of money and distinctions, and few capable of
discriminating between anarchy and democracy. Such was the social
atmosphere of the capital when the fight to determine whether this should be
a democratic or aristocratic republic was made.

VI
We have an English-drawn picture of an evening at the British Legation
with many American guests gathered about the blazing fire. The Consul is
‘descanting on various subjects, public and private, as well as public and
private characters, sometimes with unbecoming levity, sometimes with
sarcasm even more unbecoming.’ An English guest was afraid that such talk
‘could hardly fail to be offensive to ... many of the guests and to the good
taste of all.’ But could this English gentleman have listened in on the
conversations at Mrs. Bingham’s, Mrs. Morris’s, or Mrs. Stewart’s, he might
have concluded that these reflections on certain public characters were
altogether pleasing to the principal figures in the society of the capital.[535]
And could he have returned a little later to find society chuckling over the
display in the windows of a newspaper office of the pictures of George III,
Lord North, and General Howe, he might have decided that there was a
pronouncedly pro-English party in America. Had he driven about the
environs, among the hills, and along the banks of the rivers, he would have
seen country houses of the aristocracy—Lansdowne, the seat of the
Binghams; Bush Hill, where the Adamses lived at first; Woodford, and other
country places to suggest similar seats in his own land. And had he been
meandering in the neighborhood of Horsehead’s or Chew’s Landing, seven
or nine miles out, he might have been startled at the familiar English picture
of gentlemen in bright coats, the pack in full cry after the fox.[536] And
having made these observations he could have found some extenuation in
the conversation in the British Minister’s house.
The snobbery of class consciousness entered into even the Dancing
Assembly which held forth at frequent intervals at O’Eller’s, in a ballroom
sixty feet square, with a handsome music gallery at one end, and the walls
papered after the French style.[537] The suppers at these dances were mostly
liquid,[538] and, since it is on record that on hot summer days ladies and
gentlemen could count on a cool iced punch with pineapple juice to heighten
the color, it may be assumed that the Assembly suppers were a success.[539]
The fact that the young ladies sometimes took two pair of slippers, lest they
dance one out, hints of all-night revels.[540] And the expulsion from
membership of a young woman who had dared marry a jeweler tells its own
tale.[541] At the theater, which was usually crowded,[542] the aristocrats and
democrats met without mingling, for the different prices put every one in his
or her place, and if wine and porter were sold between acts to the people in
the pit ‘precisely as if they were in a tavern,’[543] the aristocracy paid eight
dollars for a box,[544] and an attaché, in full dress of black, hair powdered
and adjusted in the formal fashion, and bearing silver candlesticks and wax
candles, would meet Washington at the entrance and conduct him with much
gravity to the presidential box, festooned with red drapery, and bearing the
United States coat of arms.[545] ‘The managers have been very polite to me
and my family,’ wrote Mrs. Adams. ‘The actors came and informed us that a
box is prepared for us. The Vice-President thanked them for their civility,
and told them he would attend whenever the President did.’[546] On these
occasions, when the highest dignitaries of the State attended, a stranger,
dropped from the clouds, would have scarcely thought himself in a republic.
At the theater he would have found a military guard, with an armed soldier
at each stage door, with four or five others in the gallery, and these assisted
by the high constables of the city and police officers.[547] There was no
danger threatening but the occasion offered the opportunity for pompous
display so tempting to the society of the city.
At first the statesmen had to content themselves with the old Southwark
Theater, which was dreary enough architecturally, lighted with oil lamps
without glasses, and with frequent pillars obstructing the view.[548] But the
best plays were presented, by good if not brilliant players, and the
aristocracy flirted and frolicked indifferent to the resentful glances of the
poorer classes in less favored seats. It reached the climax of its career just as
the new theater was about to open with the then celebrated tragic actress,
Mrs. Melmoth—and soon afterward, the new Chestnut Street Theater
opened its doors and raised its curtain. The opening was an event—the
public entranced. Two or three rows of boxes, a gallery with Corinthian
columns highly gilded and with a crimson ribbon from capital to base.
Above the boxes, crimson drapery—panels of rose color—seats for two
thousand. ‘As large as Covent Garden,’ wrote Wansey, ‘and to judge by the
dress and appearance of the company around me, and the actors and scenery,
I should have thought I had still been in England.’[549] And such a company!
There was Fennell, noted in Paris for his extravagance, socially ambitious,
and handsome, too, with his six feet of stature, and ever-ready blush, about
whom flocked the literary youth of the town. Ladies—the finest trembled to
his howls of tragedy and simpered to his comedy. There, too, was Harwood,
who had married the granddaughter of Ben Franklin—a perfect gentleman;
and Mrs. Oldmixon, the spouse of Sir John, the ‘beau of Bath,’ who divided
honors in his day with Nash and Brummel; and Mrs. Whitlock, whom her
admirers insisted did not shine merely by the reflected glory of her sister,
Mrs. Siddons.
Quite as appealing to both aristocrat and democrat was the Circus at
Twelfth and Market Streets, established in 1792 by John Ricketts whose
credentials to society were in his erstwhile connection with the Blackfriars
Bridge Circus of London. Washington and Martha occasionally witnessed
the performances, quite soberly we may be sure, and the ‘court party’ thus
got its cue if any were needed. The proprietor riding two horses at full
gallop, Signor Spinacuta dancing daringly on a tight rope, a clown tickling
the risibilities of the crowd and mingling Mrs. Bingham’s laughter with that
of Mrs. Jones, her washwoman, women on horseback doing stunts, and a
trained horse that could leap over other horses without balking—such were
the merry nights under the dripping candles.[550]
Then there was Bowen’s Wax Works and museum of curiosities and
paintings and the museum of Mr. Peale—and under the same roof with the
latter the reading-room of the Philosophical Society, where Jefferson was to
find a sanctuary in the days when he was to be anathema in the fashionable
drawing-rooms.
Frivolity, extravagance, exaggerated imitation of Old-World dissipations,
could scarcely have been suited to Jefferson’s taste; but when he wished for
society of another sort he could always run in on Rittenhouse to discuss
science, or on Dr. Rush who mixed politics with powders, or, better still, he
could drive out to ‘Stenton,’ the beautiful country house of Dr. James Logan
and his cultured wife, approached by its glorious avenue of hemlocks. There
he could sit under the trees on the lawn or walk in the old-fashioned gardens
or browse in the fine library. There before the huge fireplace in the lofty
wainscoted rooms he could sit with the Doctor and discuss the aristocratic
tendencies of the times—and this he frequently did. Despite his democracy,
Jefferson lived like an aristocrat. He had found a place in the country near
the city where the house was ‘entirely embosomed in high plane trees with
good grass below,’ and there, on warm summer days, he was wont to
‘breakfast, dine, write, read, and entertain company’ under the trees. Even in
its luxury, his was the home of the philosopher. It was under these plane
trees that he worked out much of the strategy of his political battles.[551]
Such was the social background for the struggle of Hamilton and Jefferson
—with little in it to strengthen or encourage the latter in his fight.
CHAPTER VII

JEFFERSON MOBILIZES

WHEN Jefferson assumed the task of organizing the opposition to the
policies of the Federalists all the forces most susceptible to
organization and intelligent direction were arrayed upon the other side.
The commercial interests, constituting Hamilton’s shock troops, had their
organizations in all the larger towns and in a crisis could be speedily
mobilized in the smaller. The various Chambers of Commerce were
Federalist clubs that could be summoned to action on a day’s notice. The
financial interests, always in close formation when not sleeping on their
arms, could be ordered to the front overnight. The live-wire speculators
whose fortunes had sprung up magically were on their toes to do battle for
the system that had enriched them, and eager to do the bidding of the
magician who had waved the wand. The greater part of the intellectuals,
lawyers, doctors, professors, preachers, were enthusiastic champions of
Hamiltonian policies—and because of their prestige these were powerful
factors in the moulding of opinion. And, most serious of all, from Jefferson’s
point of view, the major portion of the press was either militantly
Hamiltonian or indifferently democratic. In the drawing-rooms were heard
the sentiments of the Chambers of Commerce—in glorification of
materialism.
The rich, the powerful, and their retainers among the men of the
professions, were bound to the Federalists by a common interest in property
and a common fear of the masses. Since the policies of Hamilton were
frankly in the interests of the commercial classes, their supporters were
found largely in cities and towns of the commercial North—within easy
reach. A word from the chief to his leaders in the capital—Ames and Cabot
of Massachusetts; King, Schuyler, and Lawrence of New York; Wolcott and
Ellsworth of Connecticut; Morris, Bingham, and Fitzsimmons of
Pennsylvania; Dayton of New Jersey; McHenry of Maryland; Smith and Harper
of South Carolina—a word from these to the commercial leaders in their
States, and from these a word to those under
obligations to them—the small merchants operating on credit—and the
coffee-houses buzzed, the Chambers of Commerce acted, editors plied their
pens, preachers thundered from pulpits, and even at the social functions they
danced and flirted in the war paint of the party.
[Illustration: FISHER AMES, ROBERT GOODLOE HARPER, GEORGE CABOT, GOUVERNEUR MORRIS]
As Jefferson surveyed the field, he observed that his great antagonist’s
organization was but a consolidation of organizations previously existent—
and these imposing in their representation of wealth, intellect, and social
prestige. Hamilton could snap his fingers, and the merchants came; could lift
his hand, and the officers of the Cincinnati were in the saddle; could wave
his wand, and Fenno, Russell, and other potent editors would instantly do his
bidding, and the preachers of New England scarcely waited for the sign to
pass the devil by to damn democracy.
But Jefferson had his eye on other forces, numerically stronger, if less
imposing. The farmers, comprising ninety per cent of the Nation, were
resentful of policies that pampered the merchant and left them out in the
cold. The private soldiers of the Revolution, less respected then than when
Webster made his Bunker Hill address, were embittered because their
securities had gone for a song while speculators had waxed wealthy on the
sacrifice. The more robust republicans were shocked at the aristocratic
affectations of their rulers and the tone of the Federalist press. The excise
law was hated in the remote sections, and unpopular with the masses
everywhere. The doctrine of implied powers had alarmed the friends of State
sovereignty. There was an undercurrent of feeling, which Jefferson, with ear
marvelously keen for rumblings, caught, that laws were passed for the few at
the expense of the many. And it was being bruited abroad that in high
quarters there was a disposition to cultivate England to the neglect of France.
Everywhere through the South and West there was a bitter resentment of
government by and for the East.
Including all, and more important than any single one, there was a fervent
spirit of democracy running through the land, while the Federalist leaders
were openly denouncing the democrats. ‘Looking simply at the field of
American history,’ says Professor Anson D. Morse, ‘it would be just to
enumerate among the causes of the Democratic Party all influences which
from the beginning of the colonial period carried forward at a really
marvelous rate the democratization of the American character.’[552] The
country was really democratic before there was a party of democracy.
Jefferson knew it; Hamilton never suspected it, or, suspecting, determined to
override the sentiment. Therein lies the original cause of the ultimate
triumph of Jefferson, and the evidence that the Federalist Party was
foredoomed to ultimate failure.
But how to reach, galvanize, vitalize, organize this great widely scattered
mass of unimportant, inarticulate individuals—that was the problem that
confronted Jefferson. Ninety-five per cent of the people lived in the country
or in villages. Communication was difficult. There were for them no
Chambers of Commerce, no coffee-houses, no Faneuil Halls. Thousands had
no idea what was going on outside the boundaries of their isolated farms and
villages. If the masses in the cities were in sympathy with democracy—and
they were—comparatively few of these were permitted to vote. Under the
John Jay Constitution of New York, as late as 1790, only 1303 of the 13,330
male residents of voting age in New York City were allowed to vote with the
property qualification deliberately designed for their disfranchisement.[553]
In Vermont alone, of the New England States, no property qualification
attached to the suffrage, albeit in New Hampshire any male paying tax,
however small, was qualified. In Massachusetts, Rhode Island, and
Connecticut great numbers were excluded by their poverty. Thus, in the
beginning, the thousands of hewers of wood and drawers of water in the
towns and cities of the North were lost to all practical purposes. But all of
the common folk were not disfranchised, and they who had the vote were
splendid material for a militant organization. They had a genius for practical
politics when under the orders of a drill master, and were not too fastidious
for the grime and sweat of the polling-places. One of these was worth a
dozen dandies from Mrs. Bingham’s circle on election day.[554] There was
abundant material for a party—if it could be assembled and coordinated.

II

As Jefferson’s mild eye surveyed the field, he found in almost every State
local parties, some long in existence, fighting for popular rights as they
understood them; but their fights had been waged on local issues. The party
he was to create was to fight in precisely the same cause—on the national
field. Here, then, was something already at hand. Why not consolidate these
local parties into one great national organization, and broaden the issue to
include the problems of both State and Nation? The local leaders? Why not
make them field marshals in command of the Massachusetts division, the
North Carolina division, Pennsylvania and Maryland divisions?
The philosopher-politician took up his pen, for he had learned in the
organization of the Revolution what could be done through correspondence.
Out under the plane trees he was to sit at his table writing—to Sam Adams,
to Rutledge, to John Taylor, to Willie Jones. Under his roof and at his table
conferences with Madison, Monroe, Giles, Bloodworth, became
commonplace. ‘Oh, I should note that Mr. Jefferson, with more than Parisian
politeness, waited on me at my chamber this morning,’ wrote Maclay. ‘He
talked politics, mostly the French difference and the whale fishery.’[555] A
very cautious approach, we may be sure, for the master politician and
psychologist thoroughly understood the little vanities, prejudices, and
weaknesses of that singularly suspicious democrat. Quite different would
have been a conversation with Gallatin or Monroe. Taking an inventory of
prospective lieutenants in the States, and comparing the material with that
against him, he could not but have realized his disadvantage. Brilliant men
are prone to flutter about the rich and powerful, and nothing succeeds like
success with the strong. No chance for him to ride to war surrounded by
such scintillating company as that which encircled Hamilton—but here and
there was a man who shimmered in the sun.
In Massachusetts, home of Ames, Cabot, and Sedgwick, Jefferson could
count on two men who surpassed any of this famous group in service in the
making of the Republic, but, strange as it may seem in perspective, old Sam
Adams and John Hancock were not in good standing with the staid business
men of Boston. Their republicanism was too robust, their devotion to the
principles of the Declaration too uncompromising for the materialists, who
appeared, for the most part, on the battle-field after the fight was won, to
claim the fruits of the victory. Sam Adams had lost his race for Congress to
Fisher Ames who had dallied with his books when the ragged Continentals
were struggling in the field. When the clever politicians of the Essex Junto
exchanged letters, these erstwhile Revolutionary heroes of the dark days
were seldom mentioned with respect; but they had their following in the
streets and among those who had shared in the perils they had faced. Upon
these two Jefferson could rely.
But there were others, more active and militant in the Boston of those
days in the building of the party of democracy. Foremost in the fight, and
most annoying to the ruling oligarchy, was the brilliant Dr. Charles Jarvis,
who was a powerful orator[556] whose social status, on a par with that of
Otis, raised him above the condescension or contempt of the moneyed
aristocracy, and whose ability was beyond the reach of disparagement.[557]
Through many years of leadership in the legislature he ‘had made the rights
of man his pole star.’[558] No one did so much to organize and vitalize the
masses, for he could pass from the legislative hall to the public platform
without any diminution of power. As in the former he could match the best
in argument, on the latter no one knew better how to direct the storm.
‘Jarvis’s electioneering influence in this town is very great,’ wrote John
Quincy Adams to his father.[559]
As a file leader, organizer, agitator, he had powerful support in the robust,
rough-hewn rope-maker, Ben Austin, who wrestled under the rules of catch-
as-catch-can, mingled with the element that Ames and Cabot considered
vulgar, and under the signature of ‘Honestus’ dealt telling blows in letters
that the mechanic could understand. ‘Rabid essays,’ they were—judged by
the standard of the élite.[560] Sam Adams, John Hancock, Austin, and Jarvis
—these were the Jeffersonian leaders in the Old Bay State. Less aggressive,
but often valuable, was James Sullivan, orator, leader of the Bar, letter-writer
and pamphleteer, whose vigorous mind, powers of application, and
indomitable courage were to render yeoman service.
In the other New England States the democrats were less fortunate. In
Connecticut, ruled with an iron hand by an oligarchy of preachers,
professors, and reactionary politicians, the prospects were dark enough, but
even there the Jeffersonians found a leader capable of coping with the best
of the opposition in the hard-hitting, resourceful Abraham Bishop, who was
a veritable scandal and stench to the gentlemen of the cloth and of the
counting-room. Nowhere in America was such an amazing combination of
Church and State. Election days were celebrated with religious services, and
the sermons were party harangues, described by the irreverent Bishop as
consisting of ‘a little of governor, a little of Congress, much of politics, and a
very little of religion—a strange compote, like a carrot pie, having so little
