300-220 Exam Questions
140 real 300-220 exam questions with expert-verified answers and explanations. Page 2 of 3.
- Question #51: Threat Hunting Techniques
  Selecting suspicious activity using protocol data often requires analysis of which HTTP method?
  Tags: HTTP protocol analysis, Suspicious activity detection, Protocol anomalies, Threat indicators
- Question #52: Threat Hunting Fundamentals
  Which of the following is a disadvantage of machine learning in cybersecurity?
  Tags: Machine Learning, Training Data Requirements, ML Limitations, Cybersecurity Tools
- Question #53: Threat Hunting Techniques
  To uncover undetected threats using endpoint artifacts, one should focus on:
  Tags: Endpoint Artifacts, Threat Hunting, File/System Modifications, Detection Methods
- Question #54: Threat Modeling Techniques
  In the context of PASTA, what is the main focus during threat modeling?
  Tags: PASTA threat modeling, Vulnerability analysis, Threat modeling methodology, Application security
- Question #55: Threat Hunting Fundamentals
  Determining usable artifacts for detection involves understanding:
  Tags: Attacker Behavior Patterns, Detection Artifacts, Threat Hunting Context, Indicators vs Behaviors
- Question #56: Threat Modeling Techniques
  The MITRE ATT&CK framework is used to:
  Tags: MITRE ATT&CK, threat modeling, tactics and techniques, adversary behavior
- Question #57: Threat Hunting Processes
  In threat intelligence handling, cataloging is important for:
  Tags: threat intelligence, cataloging, data organization, analysis accessibility
- Question #58: Threat Hunting Techniques
  Techniques used by threat actors can be identified by analyzing:
  Tags: TTPs, Post-compromise analysis, Command sequences, Threat methodology
- Question #59: Threat Hunting Techniques
  Changes to a detection methodology to augment analytical and process gaps might include: (Choose two)
  Tags: Threat Intelligence Integration, Behavioral Analysis, Detection Methodology, Detection Augmentation
- Question #60: Threat Hunting Fundamentals
  To improve the effectiveness of a threat hunt, it is recommended to:
  Tags: Threat Hunting, Automation, Effectiveness, Best Practices
- Question #61: Threat Hunting Fundamentals
  What disadvantage does automation in security operations face?
  Tags: Automation limitations, Novel threats, Detection gaps, Signature-based detection
- Question #62: Threat Hunting Fundamentals
  Which PowerShell cmdlet is useful for gathering system information during threat hunting?
  Tags: PowerShell cmdlets, Process monitoring, System information gathering, Threat hunting tools
- Question #63: Threat Hunting Outcomes
  Using presentation resources effectively means:
  Tags: presentation skills, data visualization, technical communication, stakeholder communication
- Question #64: Threat Hunting Fundamentals
  What is a limiting factor of detection tools for malware behavior?
  Tags: malware detection, detection limitations, encrypted traffic, false positive rates
- Question #65: Threat Hunting Techniques
  What is a recommended mitigation strategy to block Command and Control (C2) traffic?
  Tags: C2 traffic, egress filtering, network defense, threat mitigation
- Question #66: Threat Hunting Fundamentals
  Which of the following is included in the Pyramid of Pain?
  Tags: Pyramid of Pain, Threat Intelligence, Indicators of Compromise, Threat Hunting
- Question #67: Threat Hunting Techniques
  A technique often used by advanced persistent threat actors that can be identified through log analysis is:
  Tags: APT techniques, Spear-phishing, Log analysis, Initial access
- Question #68: Threat Hunting Techniques
  Analyzing C2 traffic data to determine the infection stage often involves looking for:
  Tags: C2 Beaconing, Traffic Analysis, Infection Indicators, Malware Detection
- Question #69: Threat Hunting Fundamentals
  Recognizing the likelihood of an attack involves understanding:
  Tags: attack likelihood, historical patterns, threat recognition, attack assessment
- Question #70: Threat Hunting Techniques
  To determine the stage of infection within C2 communications, one must analyze:
  Tags: C2 Communications, Traffic Analysis, Infection Stages, Network Detection
- Question #71: Threat Hunting Fundamentals
  The effectiveness of a threat hunt can be improved by:
  Tags: threat_hunting, team_training, effectiveness, security_practices
- Question #72: Threat Hunting Fundamentals
  When performing a cloud-native threat hunt, which of the following is crucial to analyze?
  Tags: cloud-native threat hunting, cloud configuration analysis, threat hunting scope, cloud security focus
- Question #73: Threat Hunting Fundamentals
  What does the Threat Hunting Maturity Model primarily assess in an organization's environment?
  Tags: Threat Hunting Maturity Model, Organizational Capability Assessment, Maturity Levels, Threat Hunting Framework
- Question #74: Threat Hunting Techniques
  How does multiproduct integration enhance data visibility within a product?
  Tags: Data Integration, Data Aggregation, Data Visibility, Cross-Platform Correlation
- Question #75: Threat Hunting Fundamentals
  The primary use of unstructured threat hunting is to:
  Tags: Unstructured Threat Hunting, Anomaly Detection, Exploratory Analysis, Hunting Methodologies
- Question #76: Threat Hunting Techniques
  An attack's timeline can help distinguish between:
  Tags: timeline analysis, threat attribution, authorized vs unauthorized, incident investigation
- Question #77: Threat Hunting Fundamentals
  When determining the priority of attacks based on the Cyber Kill Chain, which stage is crucial for early detection?
  Tags: Cyber Kill Chain, Reconnaissance, Early Detection, Attack Prioritization
- Question #78: Threat Actor Attribution Techniques
  In the context of threat actor attribution, TTPs stand for:
  Tags: TTP, Threat Attribution, Terminology, ATT&CK Framework
- Question #79: Threat Hunting Techniques
  Data interpreted from memory-specific tools can reveal:
  Tags: memory forensics, code injection detection, malware artifacts, threat detection
- Question #80: Threat Hunting Processes
  A comprehensive playbook addresses which phases of incident response? (Choose two)
  Tags: Incident Response, Detection, Recovery, Playbooks
- Question #81: Threat Modeling Techniques
  Security countermeasures for identified risks might include:
  Tags: Security countermeasures, Access controls, Risk mitigation, Security controls
- Question #82: Threat Hunting Techniques
  Identifying C2 communications requires analysis of:
  Tags: C2 Communications, Log Analysis, Threat Hunting, Malware Detection
- Question #83: Threat Hunting Techniques
  For detecting memory-resident malware, it's essential to analyze:
  Tags: Memory-resident malware, Memory forensics, Malware detection, Memory allocation analysis
- Question #84: Threat Hunting Techniques
  Which scripting language is commonly used for automating the data analysis in threat hunting?
  Tags: Python scripting, Threat hunting automation, Data analysis, Scripting languages
- Question #85: Threat Hunting Processes
  What are the advantages of using automation in the operation of a SOC? (Choose two)
  Tags: SOC automation, incident response, threat detection, operational efficiency
- Question #86: Threat Modeling Techniques
  MITRE CAPEC is used to prioritize attacks based on:
  Tags: MITRE CAPEC, Attack Patterns, Threat Classification, Attack Complexity
- Question #87: Threat Hunting Techniques
  To detect advanced persistent threat actors, analysts must look for artifacts related to:
  Tags: APT Detection, TTP Analysis, Threat Hunting, Pattern Analysis
- Question #88: Threat Modeling Techniques
  The use of MITRE CAPEC helps in:
  Tags: MITRE CAPEC, Attack Patterns, Threat Modeling, Software Security
- Question #89: Threat Hunting Fundamentals
  The payload of a cyber attack refers to:
  Tags: Payload, Attack Components, Vulnerability Exploitation, Cyber Attacks
- Question #90: Threat Hunting Fundamentals
  Detection tools are limited in their effectiveness due to: (Choose two)
  Tags: detection limitations, threat dynamics, threat actor tactics, detection gaps
- Question #91: Threat Hunting Outcomes
  When recommending changes to improve threat hunting outcomes, it's important to consider:
  Tags: threat hunting recommendations, resource impact, operational feasibility, outcome optimization
- Question #92: Threat Hunting Fundamentals
  Reverse engineering malware helps in understanding its:
  Tags: malware reverse engineering, threat intelligence, functionality analysis, dynamic/static analysis
- Question #93: Threat Hunting Fundamentals
  Known gaps in detection can include: (Choose two)
  Tags: detection gaps, vulnerability management, firewall misconfiguration, security blind spots
- Question #94: Threat Hunting Fundamentals
  Which level of the Pyramid of Pain is most difficult for attackers to change and adapt to when detected?
  Tags: Pyramid of Pain, TTPs, Threat Intelligence, Attacker Adaptation
- Question #95: Threat Modeling Techniques
  The PASTA method is used to:
  Tags: Threat Modeling, PASTA Framework, Asset Prioritization, Risk Assessment
- Question #96: Threat Hunting Techniques
  An augmentation of the detection methodology may necessitate:
  Tags: Zero-Trust Architecture, Detection Methodology, Threat Detection, Security Framework
- Question #97: Threat Actor Attribution Techniques
  When interpreting the tactics, techniques, and procedures of a threat actor, which of the following is most crucial?
  Tags: Threat Actor TTPs, Lateral Movement Analysis, Threat Attribution, Network Behavior Patterns
- Question #98: Threat Hunting Techniques
  Which tool is specifically designed for static analysis of executable files for vulnerabilities?
  Tags: Static Analysis, PE Files, Executable Analysis, Vulnerability Detection
- Question #99: Threat Hunting Techniques
  What does the term "honeypot" refer to in threat hunting techniques?
  Tags: honeypot, decoy systems, threat luring, deception techniques
- Question #100: Threat Hunting Fundamentals
  How can organizations establish a culture of threat hunting within their cybersecurity teams?
  Tags: threat hunting culture, team training, security program development, organizational practices