nerdexam
CompTIA

CAS-003 · Question #399

A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the l

The correct answer is C. Form and deploy a hunt team. D. Institute heuristic anomaly detection.. “Hunt teaming is yet another technique that facilitates incident response. Instead of passively monitoring entities and systems, a team of security personnel will actively “hunt” for indicators of compromise in a particular environment. This is based on the assumption that you ma

Enterprise Security Operations

Question

A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle. Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

Options

  • AInstall and configure an IPS.
  • BEnforce routine GPO reviews.
  • CForm and deploy a hunt team.
  • DInstitute heuristic anomaly detection.
  • EUse a protocol analyzer with appropriate connectors.

How the community answered

(54 responses)
  • A
    7% (4)
  • B
    11% (6)
  • C
    57% (31)
  • E
    24% (13)

Explanation

“Hunt teaming is yet another technique that facilitates incident response. Instead of passively monitoring entities and systems, a team of security personnel will actively “hunt” for indicators of compromise in a particular environment. This is based on the assumption that you may already be compromised, even if you don’t notice any overt signs of an incident. A hunt team will typically examine hosts and network activity for evidence of command and control (C&C) channels used in a botnet; unusual registry keys that could indicate persistent malware; rogue hardware that is attached to the network; suspicious or unusual network port and protocol usage; unauthorized accounts; and more.” Company’s objective: discover and respond to emerging threats earlier in the life cycle”

Topics

#threat hunting#heuristic anomaly detection#continuous monitoring#emerging threats

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice