A security operations manager wants to build out an internal threat-hunting capability. Which of the following should be the first priority when creating a threat-hunting program?
A. Establishing a hypothesis about which threats are targeting which systems
B. Profiling common threat actors and activities to create a list of IOCs
C. Ensuring logs are sent to a centralized location with search and filtering capabilities
D. Identifying critical assets that will be used to establish targets for threat-hunting activities
By aggregating logs in a centralized location with search and filtering capabilities, security analysts can quickly and easily identify anomalous behavior that may indicate a potential threat. Additionally, a centralized location makes it easier to correlate events across multiple systems and identify patterns that may be indicative of an attack.
You will need to create a hypothesis first before identifying anything else. If you go through the Jason Dion course, the Exabeam article, the Trellix/McAfee article, or even the SANS article, it will tell you that the hypothesis is the first step for threat hunting. Look it up.
All books/authors are saying that the first step in every threat-hunting process is to establish a hypothesis. The hypothesis serves as a foundational element that helps guide the investigation by formulating a specific assumption or theory about a potential threat.
ChatGPT:
When creating a threat-hunting program, the first priority should be to establish a clear and well-defined threat-hunting strategy. This strategy should serve as the foundation for all threat-hunting activities and guide the development of the program. Here are key steps and considerations for building an effective threat-hunting program:
Define Objectives and Scope: Clearly define the goals and objectives of your threat-hunting program. Determine the scope of the program, including the systems, networks, and data you intend to protect.
I think D works better with risk assessment, so it is not D.
A could be the right answer because threat hunting is a proactive approach to look for IOCs, so it starts with hypotheses or anomalous logs.
helper source: https://www.crowdstrike.com/cybersecurity-101/threat-hunting/
I vote D, even more so after reading the link Zulu put. Gotta identify what you want to threat hunt instead of wasting time analyzing everything all at once.