An organization regularly scans its networks and systems for vulnerabilities, but wants to take a more proactive stance in security by seeking out signs of unknown threats. Which of the following activities would best accomplish this goal?
Performing red team exercises to simulate potential adversary actions
Conducting regular threat hunting exercises to search for indicators of compromise or potential threats
Configuring automated alerts to notify when predefined security conditions are met
Completing a vulnerability assessment to patch identified security weaknesses
Threat hunting involves actively looking for indicators of compromise or potential threats on networks and systems, often using both manual and automated tools. It goes beyond passive monitoring for known threats and aims to identify malicious activity that may not have been detected by existing security measures. Automated alerts are part of a reactive, not a proactive, strategy. Red team exercises are focused on simulating attacks to test the organization's defences, not on identifying ongoing unknown threats. Vulnerability assessments are used to identify known security issues to be patched, not to proactively hunt for an active malicious presence.