Threat Hunting

Questions and Answers

Which of the following best defines threat hunting?

The practice of searching for cyber threats that are outside a network

The practice of searching for cyber threats that have already been detected

The practice of proactively searching for cyber threats that are inside a network, yet remain undetected (correct)

The practice of waiting for cyber threats to reveal themselves

What does cyber threat hunting use to uncover unauthorized actors in a network?

Defensive elements

Network perimeter

Tools, techniques, and procedures (TTPs) (correct)

Unauthorized users

Where are most defensive elements located in a network?

In the cloud

On external devices

Inside the network

On or near the network perimeter (correct)

What can attackers do if they manage to get past the line of defense?

They can hide in a network for months, if not years

What is the technique called when attackers use system resources to continue their presence in a network?

Living off the land

Study Notes

Threat Hunting Definition

• Threat hunting is the proactive process of identifying and isolating malicious activity within a network.

Cyber Threat Hunting

• Cyber threat hunting uses anomaly detection, threat intelligence, and human analysis to uncover unauthorized actors in a network.

Network Defense

• Most defensive elements are located at the perimeter of a network.

Attack Tactics

• If attackers manage to get past the line of defense, they can move laterally, escalate privileges, and persist in the network.

Attack Techniques

• The technique used by attackers to continue their presence in a network by using system resources is called "living off the land."

Description

Test your knowledge of threat hunting with this quiz! Explore the tools, techniques, and procedures used to uncover undetected cyber threats within a network. Challenge yourself to identify unauthorized actors and enhance your network defenses.