300-220 Exam Questions

What is the first step in determining attack tactics, techniques, and procedures using logs?

Memory-resident malware detection is challenging because:

IoT device threat analysis must include: (Choose two)

Effective use of presentation resources to convey findings involves:

The integration of which products would most enhance analytical capabilities for threat hunting?

What is a key advantage of AI in cybersecurity?

How does TaHiTI contribute to cybersecurity practices?

Reverse engineering is used to determine compromises by:

To improve hunt capability and mature in the Threat Hunting Maturity Model, an organization should first:

A runbook or playbook for a detectable scenario should include:

Identifying memory-resident attacks often requires the use of:

The Cyber Kill Chain helps in determining the priority level of attacks by:

Attack remediation strategies should be based on:

Effective tools and configurations for detection should:

Structured threat hunting differs from unstructured threat hunting in that it:

A mitigation strategy for blocking C2 traffic that involves analyzing behavioral patterns is known as:

Endpoint artifacts are crucial for uncovering undetected threats. Which of the following are considered endpoint artifacts? (Choose two)

A delivery method that is commonly used by threat actors but rarely in authorized assessments is:

Selecting the appropriate threat modeling approach for a scenario requires understanding the:

Selecting deception techniques for a scenario involves:

When interpreting data from memory-specific tools, what is crucial to identify?

Identifying analytical gaps using threat hunting methodologies helps in:

To identify unknown gaps in detection, one should:

A tactic that indicates a sophisticated threat actor rather than a commodity malware campaign is:

In cloud-native threat hunting, which AWS service's logs are essential for analysis?

What indicates a successful C2 communication detection using endpoint logs? (Choose two)

Artifacts at which level of the Pyramid of Pain provide the most context about an attack but are also the most challenging to use for attribution?

To attribute a cyber attack to a specific threat actor, analysts primarily look for:

Advancing in the Threat Hunting Maturity Model involves:

What aspect of a threat intelligence report is critical in drawing conclusions about threat actor tactics?

To determine C2 communications from infected hosts, analysts should examine:

How can logs help in identifying the tactics, techniques, and procedures of a threat actor?

What does the Pyramid of Pain illustrate?

Effective communication of threat hunting findings should:

Recommending changes to improve threat hunt efficiency can include: (Choose two)

Threat intelligence handling involves all of the following EXCEPT:

Security countermeasures should:

To advance to the next phase of the Threat Hunting Maturity Model, an organization should:

A recommended change to enhance detection methodology includes: (Choose two)

When constructing a runbook, it is essential to include:

Multiproduct integration accelerates analysis by:

The primary goal of using BURP Suite in code-level analysis is to:

The MITRE ATT&CK framework is primarily used for modeling:

________ involves proactively searching through networks to detect and isolate advanced threats that evade existing security solutions.

When using the MITRE ATT&CK framework to model threats, changes in ________ are critical for understanding evolving attack strategies.

Utilizing threat intelligence effectively means integrating it into ________ processes.

Procedures of a given threat actor can include:

The likelihood of an attack in a given environment can be recognized by:

When analyzing IoT devices, which aspect is critical?

Selecting suspicious activity often involves analyzing session and protocol data. Which protocol is commonly scrutinized for this purpose?