
300-220 Question #113: Real Exam Question with Answer & Explanation

The correct answer is A. Identifying unique patterns of attack.

Threat Hunting Fundamentals

Question

Constructing a signature for detection involves:

Options

  • A. Identifying unique patterns of attack
  • B. Estimating the cost of an attack
  • C. Predicting future attack vectors
  • D. Calculating the downtime caused by an attack

Explanation

Constructing a detection signature means capturing the distinctive, repeatable characteristics of an attack - specific byte sequences, behavioral patterns, network traffic anomalies, or registry changes - so that a security tool (IDS/IPS, SIEM, AV) can reliably recognize that attack when it occurs again. Option B (estimating cost) and Option D (calculating downtime) are business-impact activities, not technical detection engineering tasks. Option C (predicting future vectors) describes threat intelligence or forecasting work, which precedes signature creation but is not the act of building one.

Memory tip: Think of a signature like a criminal's fingerprint - you're not guessing what crime they'll commit next (C) or tallying the damage (B/D); you're capturing the unique mark they leave behind so you can ID them on sight.

Topics

#Signature-based detection  #Attack pattern identification  #Detection signatures  #IDS/IPS
