Threat Hunting

Questions and Answers

Which of the following best defines threat hunting?

• The practice of searching for cyber threats that are outside a network
• The practice of searching for cyber threats that have already been detected
• The practice of proactively searching for cyber threats that are inside a network, yet remain undetected (correct)
• The practice of waiting for cyber threats to reveal themselves

What does cyber threat hunting use to uncover unauthorized actors in a network?

• Defensive elements
• Network perimeter
• Tools, techniques, and procedures (TTPs) (correct)
• Unauthorized users

Where are most defensive elements located in a network?

• In the cloud
• On external devices
• Inside the network
• On or near the network perimeter (correct)

What can attackers do if they manage to get past the line of defense?

They can hide in a network for months, if not years (D)

What is the technique called when attackers use system resources to continue their presence in a network?

Living off the land (A)

Flashcards are hidden until you start studying

Study Notes

Threat Hunting Definition

• Threat hunting is the proactive process of identifying and isolating malicious activity within a network.

Cyber Threat Hunting

• Cyber threat hunting uses anomaly detection, threat intelligence, and human analysis to uncover unauthorized actors in a network.

Network Defense

• Most defensive elements are located at the perimeter of a network.

Attack Tactics

• If attackers manage to get past the line of defense, they can move laterally, escalate privileges, and persist in the network.

Attack Techniques

• The technique used by attackers to continue their presence in a network by using system resources is called "living off the land."