300-220 Exam Questions
140 real 300-220 exam questions with expert-verified answers and explanations. Page 3 of 3 (questions #101 to #140).
- Question #101 (Threat Hunting Processes)
  In the context of the threat hunting process, what does the term "pivot" mean?
  Tags: pivot, hypothesis testing, threat hunting, investigation workflow

- Question #102 (Threat Hunting Processes)
  During the investigation phase of the threat hunting process, what activity is typically conducted?
  Tags: Threat Hunting Process, Investigation Phase, Data Collection, Process Phases

- Question #103 (Threat Hunting Outcomes)
  How can threat hunting help improve an organization's overall security posture?
  Tags: threat hunting, security posture, vulnerability detection, proactive defense

- Question #104 (Threat Hunting Fundamentals)
  Which of the following best describes an advanced persistent threat (APT)?
  Tags: APT, threat characteristics, targeted attacks, threat actor campaigns

- Question #105 (Threat Hunting Techniques)
  Blocking C2 traffic effectively requires:
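Added worked example for the C2 question above (this is not exam material and not the official answer). Before C2 traffic can be blocked it has to be found, and the most durable network signal is timing: an implant that checks in on a timer produces connections whose inter-arrival gaps are nearly constant even when the payload is encrypted. The script below groups constructed connection records by source and destination and flags pairs with low jitter. Hosts, addresses and timings are constructed for the example.

```python
"""Beacon-style C2 candidate detection over constructed connection records.

Added example for the C2 question; not exam material and not the official
answer. Hosts, addresses and timings below are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (epoch_seconds, src_ip, dst, bytes_out).
# 10.0.0.5 -> 203.0.113.10 checks in every ~60 s with a little jitter (beacon);
# 10.0.0.7 -> example.com is bursty, human-like browsing.
SAMPLE_CONNECTIONS = [
    (1000 + i * 60 + (i % 3), "10.0.0.5", "203.0.113.10", 420 + (i % 2))
    for i in range(12)
] + [
    (1000, "10.0.0.7", "example.com", 1200),
    (1003, "10.0.0.7", "example.com", 30500),
    (1004, "10.0.0.7", "example.com", 800),
    (1350, "10.0.0.7", "example.com", 15000),
    (1351, "10.0.0.7", "example.com", 2100),
    (1700, "10.0.0.7", "example.com", 900),
]


def beacon_score(timestamps):
    """Return (mean_gap, coefficient_of_variation) for a list of timestamps.

    The coefficient of variation (stdev / mean of the inter-connection gaps)
    is low when connections recur on a near-fixed timer, regardless of what
    the payload contains. Returns None with fewer than four connections.
    """
    ts = sorted(timestamps)
    if len(ts) < 4:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_beacon_candidates(records, max_cv=0.2, min_connections=6):
    """Group by (src, dst) and return pairs whose timing looks like a beacon.

    max_cv: largest jitter accepted (0.2 = gaps vary by roughly 20% or less).
    min_connections: skip pairs with too few samples to judge periodicity.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _bytes in records:
        by_pair[(src, dst)].append(ts)
    candidates = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        score = beacon_score(stamps)
        if score is not None and score[1] <= max_cv:
            candidates[pair] = {"interval_s": round(score[0], 1),
                                "jitter_cv": round(score[1], 3)}
    return candidates


if __name__ == "__main__":
    for (src, dst), info in find_beacon_candidates(SAMPLE_CONNECTIONS).items():
        print(f"beacon candidate {src} -> {dst}: every {info['interval_s']} s "
              f"(cv={info['jitter_cv']})")
```

The browsing pair is evaluated (it has enough connections) but rejected because its gaps vary wildly; the beacon pair survives with a coefficient of variation near 0.02. A confirmed candidate is what actually gets blocked at the egress proxy or firewall, and the interval and jitter go into the finding so the block can be verified. Implants with heavily randomised sleep raise the jitter above the threshold, so in practice this check is combined with other features such as near-constant request sizes.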
  Tags: C2 Traffic Detection, Network Anomaly Analysis, Threat Hunting, Network Analysis

- Question #106 (Threat Actor Attribution Techniques)
  When selecting indicators for attribution, which of the following is considered a weak indicator on its own?
  Tags: attribution indicators, indicator strength, threat actor profiling, indicator evaluation

- Question #107 (Threat Hunting Processes)
  Analytical gaps in threat hunting methodologies can result in:
  Tags: analytical gaps, detection opportunities, threat hunting methodology, missed detections

- Question #108 (Threat Hunting Fundamentals)
  Diagnosing analytical gaps is crucial for:
  Tags: analytical gaps, gap analysis, resource utilization, capability assessment

- Question #109 (Threat Modeling Techniques)
  The MITRE CAPEC database is best used for understanding:
  Tags: MITRE CAPEC, Attack Patterns, Threat Intelligence, Threat Modeling

- Question #110 (Threat Hunting Techniques)
  Memory-resident attacks can be analyzed using which tool?
  Tags: memory forensics, Volatility, memory-resident malware, volatile memory analysis

- Question #111 (Threat Hunting Fundamentals)
  What is the primary goal of threat hunting?
  Tags: threat hunting, proactive defense, threat mitigation, risk prevention

- Question #112 (Threat Modeling Techniques)
  When selecting the delivery method for an attack, which aspect is least likely to be used by a legitimate penetration tester without explicit authorization?
  Tags: penetration testing authorization, attack delivery methods, backdoor persistence, authorized vs unauthorized testing

- Question #113 (Threat Hunting Fundamentals)
  Constructing a signature for detection involves:
  Tags: Signature-based detection, Attack pattern identification, Detection signatures, IDS/IPS

- Question #114 (Threat Modeling Techniques)
  Security countermeasures for mitigating identified risks include:
  Tags: Encryption, Data Protection, Security Controls, Risk Mitigation

- Question #115 (Threat Hunting Fundamentals)
  What artifact would be considered at the top of the Pyramid of Pain and indicates a high level of sophistication in modifying behaviors to avoid detection?
  Tags: Pyramid of Pain, TTPs, Indicators of Compromise, Adversary Behavior

- Question #116 (Threat Hunting Techniques)
  Python scripts in threat hunting are used for:
  Tags: Python automation, Detection automation, Threat analysis, Security scripting

- Question #117 (Threat Hunting Fundamentals)
  Which of the following indicates an authorized assessment rather than an attack?
  Tags: Authorized Assessment, Penetration Testing, Assessment Documentation, Security Testing

- Question #118 (Threat Modeling Techniques)
  The effectiveness of threat modeling techniques is enhanced by:
  Tags: data integration, threat intelligence sources, threat modeling, comprehensive analysis

- Question #119 (Threat Modeling Techniques)
  The priority level of attacks based on the MITRE CAPEC model focuses on the:
  Tags: MITRE CAPEC, Attack patterns, Attack prioritization, Risk assessment

- Question #120 (Threat Actor Attribution Techniques)
  Identifying a threat actor's tactics involves understanding their:
  Tags: threat actor objectives, threat actor tactics, threat attribution, attack planning

- Question #121 (Threat Hunting Processes)
  The process of removing outdated threat intelligence involves:
  Tags: threat intelligence lifecycle, data hygiene, intelligence retirement, threat management

- Question #122 (Threat Modeling Techniques)
  What is the primary goal of using the STRIDE model in threat modeling?
  Tags: STRIDE model, Threat modeling, Threat identification, Threat enumeration

- Question #123 (Threat Hunting Processes)
  Which step in the threat hunting process involves creating and executing queries to search for indicators of compromise?
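Added worked example covering three of the questions on this page: the meaning of a pivot (#101), Python scripts as hunting automation (#116) and the query-execution step (#123). It is not exam material and not the official answer. The script normalises a defanged indicator feed, runs the indicator query over constructed proxy log lines, then pivots: every host that matched becomes the new search key, and any destination shared by several matched hosts is surfaced as a new lead together with the hosts that contacted it but were not in the original hit list. The feed, the log lines and the host names are constructed.

```python
"""IoC query execution with an analyst-style pivot over constructed proxy logs.

Added example for the pivot, Python-automation and query-execution questions;
not exam material and not the official answer. The feed, log lines and host
names are constructed.
"""
import re
from collections import defaultdict

# Constructed threat-intel feed, defanged the way feeds usually arrive.
IOC_FEED = [
    "hxxp://bad-update[.]example/stage2",
    "malware-cdn[.]example",
    "198[.]51[.]100[.]23",
]

# Constructed proxy log: "<timestamp> <src_host> <dst_host> <path>".
PROXY_LOG = """\
2024-05-01T10:00:01 ws-017 bad-update.example /stage2
2024-05-01T10:00:04 ws-017 cdn.vendor.example /jquery.js
2024-05-01T10:00:09 ws-017 telemetry-sync.example /api/v1/push
2024-05-01T10:01:12 ws-042 malware-cdn.example /update.bin
2024-05-01T10:01:40 ws-042 telemetry-sync.example /api/v1/push
2024-05-01T10:02:00 ws-099 cdn.vendor.example /jquery.js
2024-05-01T10:03:30 ws-058 telemetry-sync.example /api/v1/push
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def refang(ioc):
    """Turn a defanged indicator (hxxp://, [.]) into a bare lower-case host."""
    ioc = ioc.lower().replace("[.]", ".")
    ioc = re.sub(r"^hxxps?://", "", ioc)
    return ioc.split("/")[0]


def parse_log(text):
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rows.append({"ts": m[1], "src": m[2], "dst": m[3].lower(), "path": m[4]})
    return rows


def run_ioc_query(rows, feed):
    """Step 1: map each host that contacted a known-bad destination to those destinations."""
    bad = {refang(i) for i in feed}
    hits = defaultdict(set)
    for r in rows:
        if r["dst"] in bad:
            hits[r["src"]].add(r["dst"])
    return dict(hits)


def pivot_on_hosts(rows, hosts, exclude=(), min_hosts=2):
    """Step 2: destinations shared by at least min_hosts of the matched hosts.

    exclude: destinations already explained (the IoCs themselves, known-good CDNs).
    Each lead lists the matched hosts and any *other* hosts seen talking to it,
    which are the next machines to examine.
    """
    hosts = set(hosts)
    seen_on = defaultdict(set)
    for r in rows:
        seen_on[r["dst"]].add(r["src"])
    leads = {}
    for dst, srcs in seen_on.items():
        matched = srcs & hosts
        if dst in exclude or len(matched) < min_hosts:
            continue
        leads[dst] = {"matched_hosts": sorted(matched),
                      "other_hosts": sorted(srcs - hosts)}
    return leads


def hunt(rows, feed):
    """Run the IoC query, then pivot from the hosts it returned."""
    hits = run_ioc_query(rows, feed)
    exclude = {refang(i) for i in feed}
    return hits, pivot_on_hosts(rows, hits.keys(), exclude=exclude)


if __name__ == "__main__":
    hits, leads = hunt(parse_log(PROXY_LOG), IOC_FEED)
    print("direct IoC hits:", hits)
    print("pivot leads:", leads)
```

On the constructed log the query alone finds two hosts; the pivot then shows that both of them also talk to a destination the feed never mentioned, and that a third host which never touched a listed indicator talks to it too. That third host is the output of the pivot and becomes the next hypothesis to test. The CDN is ignored automatically because only one matched host used it, which is the role of the min_hosts threshold.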
  Tags: Threat Hunting Process, Data Analysis, Indicators of Compromise, Query Execution

- Question #124 (Threat Hunting Processes)
  During which phase of the threat hunting process are threat indicators analyzed and correlated?
  Tags: Threat Hunting Phases, Threat Indicators, Analysis and Correlation, Threat Hunting Workflow

- Question #125 (Threat Hunting Processes)
  Why is it important to document and communicate findings during the threat hunting process?
  Tags: Documentation, Communication, Knowledge Sharing, Security Posture

- Question #126 (Threat Hunting Techniques)
  Which of the following is a common method for detecting phishing attacks in threat hunting techniques?
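Added worked example for the phishing-detection question above (not exam material and not the official answer). One DNS-monitoring approach is to watch resolver logs for domains that imitate a brand the organisation trusts: a one-character edit, a digit-for-letter homoglyph, or the brand name embedded in a longer attacker-controlled name. The brands, log lines and client addresses below are constructed; the registrable-domain helper takes the last two labels only, which is enough for these samples but not a substitute for the public suffix list in production.

```python
"""Lookalike-domain detection over constructed DNS query logs.

Added example for the phishing-detection question; not exam material and not
the official answer. Brands, log lines and addresses are constructed.
"""

PROTECTED_BRANDS = {"examplebank.com", "corp-sso.example"}

# Constructed DNS log lines: "<timestamp> <client> <qname> <qtype>".
DNS_LOG = """\
2024-05-01T09:00:01 10.1.1.5 examplebank.com A
2024-05-01T09:00:07 10.1.1.5 examp1ebank.com A
2024-05-01T09:00:09 10.1.1.8 examplebank-login.com A
2024-05-01T09:00:15 10.1.1.9 mail.examplebank.com MX
2024-05-01T09:00:20 10.1.1.9 corp-sso.example.attacker.example A
2024-05-01T09:00:31 10.1.1.3 exanplebank.com A
2024-05-01T09:00:40 10.1.1.3 weather.example A
"""

# Digits that read as letters in a URL bar; mapped back before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def levenshtein(a, b):
    """Classic edit distance; fine for short domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(qname):
    """Last two labels (enough here; real code uses the public suffix list)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def classify(qname, brands=PROTECTED_BRANDS, max_distance=1):
    """Return a reason if qname looks like a brand impersonation, else None."""
    q = qname.lower().rstrip(".")
    reg = registrable_domain(q)
    if reg in brands:
        return None  # the genuine domain or one of its own subdomains
    for brand in brands:
        if brand in q:
            return f"brand {brand} embedded in {q}"
        if reg.translate(HOMOGLYPHS) == brand:
            return f"homoglyph of {brand}"
        distance = levenshtein(reg, brand)
        if distance <= max_distance:
            return f"edit distance {distance} from {brand}"
        brand_label = brand.split(".")[0]
        if brand_label in reg.split(".")[0]:
            return f"brand label {brand_label} inside {reg}"
    return None


def hunt_dns(text):
    """Return (client, qname, reason) for every suspicious query in the log."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, _qtype = parts
        reason = classify(qname)
        if reason:
            findings.append((client, qname, reason))
    return findings


if __name__ == "__main__":
    for client, qname, reason in hunt_dns(DNS_LOG):
        print(f"{client} queried {qname}: {reason}")
```

The genuine domain and its mail subdomain pass untouched, which matters more than the catches: a lookalike detector that pages on the real brand is switched off within a week. Each finding carries the client that made the query, so the follow-up is a look at that machine's proxy and mail logs around the same timestamp.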
  Tags: phishing detection, DNS monitoring, threat hunting, network analysis

- Question #127 (Threat Hunting Fundamentals)
  Interpreting a threat intelligence report requires understanding of:
  Tags: threat intelligence, TTPs, threat context, threat analysis

- Question #128 (Threat Modeling Techniques)
  Which threat modeling approach is best suited for identifying systemic threats in a software environment?
  Tags: STRIDE, Threat Modeling, Software Security, Systemic Threats

- Question #129 (Threat Hunting Fundamentals)
  Which code-level analysis tool is used for inspecting weaknesses in web applications?
  Tags: web application security, vulnerability assessment, Burp Suite, security testing

- Question #130 (Threat Hunting Fundamentals)
  When recommending tools for a given scenario, what factors should be considered?
  Tags: tool selection criteria, infrastructure compatibility, enterprise considerations, vendor evaluation

- Question #131 (Threat Hunting Fundamentals)
  ________ threat hunting is based on the exploration of data with the goal of finding unknown threats.
  Tags: unstructured threat hunting, data exploration, unknown threats, threat hunting methodologies

- Question #132 (Threat Modeling Techniques)
  Which threat modeling standard encompasses various phases of the attack lifecycle, from planning to execution?
  Tags: MITRE CAPEC, Attack Lifecycle, Threat Modeling, Attack Patterns

- Question #133 (Threat Hunting Outcomes)
  A key aspect of recommending attack remediation strategies is:
  Tags: Remediation Strategies, Business Impact, Risk Management, Incident Response

- Question #134 (Threat Hunting Fundamentals)
  Vulnerabilities in software can be addressed by:
  Tags: vulnerability scanning, patch management, vulnerability remediation, proactive defense

- Question #135 (Threat Hunting Fundamentals)
  Configuration errors leading to security gaps are often a result of:
  Tags: Configuration Management, Security Best Practices, Security Gaps, Vulnerability Prevention

- Question #136 (Threat Hunting Techniques)
  A signature for detection is effectively constructed using:
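Added worked example for the two signature-construction questions on this page (#113 and #136); it is not exam material and not the official answer. It builds the same detection two ways: a static content match of the kind an IDS rule carries, and a behavioural signature keyed on the sequence of actions the malware has to perform. Both are run against constructed samples, including a trivially repacked copy of the payload, to show which one survives. The payload bytes, process names and telemetry lines are constructed.

```python
"""Two ways to build a detection signature, run over constructed samples.

Added example for the signature-construction questions; not exam material and
not the official answer. Payloads, process names and event lines are constructed.
"""
import re
from dataclasses import dataclass


@dataclass
class ContentSignature:
    """Match a fixed byte pattern, like a Snort/Suricata content: option."""
    name: str
    pattern: bytes

    def matches(self, payload: bytes) -> bool:
        return self.pattern in payload


@dataclass
class BehaviorSignature:
    """Match an ordered sequence of regexes against one process's event trail."""
    name: str
    steps: list  # regexes; each must appear after the previous one matched

    def matches(self, events) -> bool:
        idx = 0
        for ev in events:
            if re.search(self.steps[idx], ev):
                idx += 1
                if idx == len(self.steps):
                    return True
        return False


# Constructed first-stage beacon with a fixed marker in the User-Agent.
ORIGINAL_PAYLOAD = b"POST /gate.php HTTP/1.1\r\nUser-Agent: Mozi11a/4.0 (bot)\r\n\r\nid=7&k=..."
# The same bot after a trivial rebuild: one byte of the marker changed.
REPACKED_PAYLOAD = ORIGINAL_PAYLOAD.replace(b"Mozi11a", b"Mozi1la")

# Constructed per-process event trails (the shape Sysmon/EDR telemetry takes).
MALICIOUS_TRAIL = [
    "ProcessCreate image=C:\\Users\\u\\AppData\\Local\\Temp\\inv.exe parent=winword.exe",
    "FileCreate target=C:\\Users\\u\\AppData\\Roaming\\svc\\upd.exe",
    "RegistrySet key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd",
]
BENIGN_TRAIL = [
    "ProcessCreate image=C:\\Program Files\\Vendor\\setup.exe parent=explorer.exe",
    "FileCreate target=C:\\Program Files\\Vendor\\app.exe",
    "RegistrySet key=HKLM\\Software\\Vendor\\Version",
]

CONTENT_SIG = ContentSignature("downloader-beacon-ua", b"User-Agent: Mozi11a/4.0 (bot)")
BEHAVIOR_SIG = BehaviorSignature(
    "office-spawn-drop-runkey",
    [
        r"ProcessCreate .*parent=(winword|excel|powerpnt)\.exe",   # Office spawned it
        r"FileCreate target=C:\\Users\\.*\\AppData\\.*\.exe",       # dropped an exe in a profile
        r"RegistrySet key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",  # Run key
    ],
)


def evaluate():
    """Return which signature fires on which sample."""
    return {
        "content_on_original": CONTENT_SIG.matches(ORIGINAL_PAYLOAD),
        "content_on_repacked": CONTENT_SIG.matches(REPACKED_PAYLOAD),
        "behavior_on_malicious": BEHAVIOR_SIG.matches(MALICIOUS_TRAIL),
        "behavior_on_benign": BEHAVIOR_SIG.matches(BENIGN_TRAIL),
    }


if __name__ == "__main__":
    for name, fired in evaluate().items():
        print(f"{name}: {fired}")
```

The content signature is cheap and precise but dies with the first rebuild of the sample; the behavioural signature keys on what the intrusion has to do (Office parent, executable dropped under a user profile, Run key written) and keeps firing after repacking. A production rule set carries both: the content match for fast, high-confidence blocking on the IDS/IPS, and the behavioural chain in the EDR or SIEM for the variants the content match misses.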
  Tags: Malware signatures, Behavioral indicators, Detection methods, Threat detection

- Question #137 (Threat Hunting Fundamentals)
  Determining the priority level of attacks with the Cyber Kill Chain requires understanding the attacker's:
  Tags: Cyber Kill Chain, Attack Prioritization, Attack Phases, Threat Analysis

- Question #138 (Threat Hunting Techniques)
  Enhancing a detection methodology could involve:
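Added worked example for the UEBA question above (not exam material and not the official answer). User and entity behaviour analytics adds to a signature-based methodology by learning what is normal per user and scoring departures from it rather than matching known-bad patterns. The script builds a per-user baseline of hosts and logon hours from constructed history, then scores new logon events on three features: an unseen host, an hour far from the user's usual ones, and a burst of distinct hosts inside a short window. Users, hosts and timestamps are constructed; the hour comparison ignores midnight wrap-around, which is fine for the samples but worth fixing before reuse.

```python
"""A minimal UEBA-style baseline: flag logons that deviate from a user's history.

Added example for the UEBA question; not exam material and not the official
answer. Users, hosts and timestamps are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed history: alice logs on to ws-alice around 09:15; bob uses ws-bob
# in the morning and jump-01 in the afternoon every other day.
HISTORY = [
    ("alice", "ws-alice", f"2024-04-{d:02d}T09:15:00") for d in range(1, 21)
] + [
    ("bob", "ws-bob", f"2024-04-{d:02d}T08:40:00") for d in range(1, 21)
] + [
    ("bob", "jump-01", f"2024-04-{d:02d}T14:05:00") for d in range(1, 21, 2)
]

# Constructed new events to score, in chronological order.
NEW_EVENTS = [
    ("alice", "fileserver-03", "2024-05-02T02:47:00"),  # new host, 02:47
    ("alice", "fileserver-04", "2024-05-02T02:48:00"),
    ("alice", "dc-01", "2024-05-02T02:49:00"),          # third host in 2 minutes
    ("alice", "ws-alice", "2024-05-02T10:02:00"),       # normal
    ("bob", "jump-01", "2024-05-02T15:30:00"),          # normal
]


def build_baseline(history):
    """Per user: the hosts they use and the hours at which they usually log on."""
    hosts = defaultdict(set)
    hours = defaultdict(set)
    for user, host, ts in history:
        hosts[user].add(host)
        hours[user].add(datetime.fromisoformat(ts).hour)
    return {"hosts": dict(hosts), "hours": dict(hours)}


def score_events(baseline, events, burst_window_s=600, burst_hosts=3):
    """Return [(user, host, ts, score, reasons)] for events that deviate.

    Events must be in time order; the burst check keeps a sliding window of
    the user's recent logons. Hour distance ignores wrap-around at midnight.
    """
    findings = []
    recent = defaultdict(list)  # user -> [(datetime, host)] inside the window
    for user, host, ts in events:
        t = datetime.fromisoformat(ts)
        reasons, score = [], 0
        if host not in baseline["hosts"].get(user, set()):
            score += 2
            reasons.append("new host")
        usual = baseline["hours"].get(user, set())
        if usual and min(abs(t.hour - h) for h in usual) > 2:
            score += 1
            reasons.append(f"unusual hour {t.hour:02d}")
        recent[user] = [(rt, rh) for rt, rh in recent[user]
                        if (t - rt).total_seconds() <= burst_window_s]
        recent[user].append((t, host))
        if len({rh for _, rh in recent[user]}) >= burst_hosts:
            score += 2
            reasons.append("host burst")
        if score:
            findings.append((user, host, ts, score, reasons))
    return findings


if __name__ == "__main__":
    for user, host, ts, score, reasons in score_events(build_baseline(HISTORY), NEW_EVENTS):
        print(f"{ts} {user} -> {host}: score {score} ({', '.join(reasons)})")
```

No signature describes "alice on three servers at three in the morning", yet that is the event worth a hunter's time, and the score ranks it above the single new-host events that precede it. The thresholds (two hours, ten minutes, three hosts) are starting points to be tuned against a few weeks of real data, and the baseline needs refreshing as roles change or the alert volume drifts.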
  Tags: UEBA, Detection Methodology, Behavioral Analytics, Threat Detection

- Question #139 (Threat Modeling Techniques)
  To model threats using MITRE ATT&CK, a security team must first:
  Tags: MITRE ATT&CK framework, threat modeling, tactics and techniques, threat analysis

- Question #140
  Improving threat hunting efficiency might involve: