🔥 3-day streak
CompTIA CySA+ (CS0-003)82 / 147
Question 82 of 147

A SOC lead wants to mature the team's threat hunting program beyond simply responding to SIEM alerts. She directs an analyst to begin a hunt based on a recently published threat intelligence report describing an APT group that abuses scheduled tasks for persistence in the finance sector. The analyst is instructed to form a testable assumption and then query EDR and log data to prove or disprove it. Which threat hunting approach is the analyst being asked to use?

Reviewed for accuracy · Report an issueNext question