During active monitoring, an analyst finds unusual domain name requests from multiple hosts. The analyst suspects an emerging malicious technique and wants external data to determine which guidelines to adapt for detection. Which approach would gather relevant information from outside the organization?
Perform additional scanning on endpoints to detect software gaps.
Deploy more lures throughout the environment to capture adversary steps.
Adjust firewall boundaries to block outbound transmissions using newly discovered addresses.
Query an information exchange group for data on the suspicious domain name usage across peer organizations.
To validate unusual domain behavior across environments, analysts should consult an information exchange group, that is, a threat intelligence sharing community of peer organizations. These external sources provide visibility into broader attack trends. Internal defenses such as honeypots (lures), firewall changes, or endpoint scans help detect or mitigate threats locally but lack the external perspective needed to recognize emerging threats or TTPs shared across organizations.