During a threat hunting exercise, which focus area is MOST likely to help you identify indicators of compromise (IoCs) related to a sophisticated attack targeting financial systems?
Analyzing external threat feeds and intelligence
Reviewing isolated networks for unusual activity
Monitoring business-critical assets and processes
Examining network configurations for potential misconfigurations
Business-critical assets and processes are crucial to monitor during threat hunting, specifically for identifying IoCs in sophisticated attacks. These assets are often the prime target for threat actors, and any anomalies or suspicious activities within these systems can indicate a compromise. While network configurations and isolated networks are essential, they generally serve as supporting aspects rather than the primary focus. Misconfigurations can lead to vulnerabilities, but monitoring business-critical assets directly is more beneficial for identifying IoCs in sophisticated attacks.