The correct answer centers on forming a hypothesis about suspicious activity, then checking the appropriate data sources to confirm or refute it. This systematic approach is characteristic of threat hunting, for example investigating a possible compromise of a File Transfer Protocol (FTP) server whose login patterns deviate from the established baseline. The other options are legitimate security-monitoring approaches but do not emphasize formulating a specific hypothesis. Gathering logs from multiple tools is typically done to look for general indicators of intrusion, and decoy hosts exist to lure attackers so that their behaviour can be observed. Automated classification can speed up detection but, without a guiding hypothesis, may overlook or misinterpret subtle malicious actions.