A) Indicators of Compromise (IOC) Sweeping: Threat hunting frequently uses IOCs (like file hashes, IP addresses, or domain names associated with known attacks) to proactively search for evidence of past intrusions. This is a very common technique.
B) Anomaly Detection: Identifying deviations from normal network or system behavior is a core threat hunting technique. Hunters look for unusual patterns that might indicate malicious activity.
C) Signature-Based Scanning: While signature-based scanning is a crucial part of traditional security (like antivirus software), it's not typically considered a threat hunting technique. Threat hunting is proactive and seeks out unknown threats, whereas signature-based scanning relies on pre-existing knowledge of known malware signatures. It's reactive, not proactive.
D) Hypothesis-Driven Hunting: This is a key aspect of threat hunting. Hunters form hypotheses about potential threats based on intelligence, observations, or intuition, and then actively search for evidence to validate or disprove those hypotheses.
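To make options A and B concrete, here is an added Python example (written for this explanation, not part of the original answer) that runs an IOC sweep and a simple baseline-deviation anomaly check over constructed log lines. The indicators, host names, log lines and connection counts are all placeholders: the hash is a fake value, the IP is from the TEST-NET-3 documentation range and the domain is a reserved example name.

```python
"""Added example: IOC sweep (option A) and anomaly detection (option B) over constructed logs."""
import math
import statistics
from typing import Dict, List

# Constructed indicators (placeholders, not real IOCs).
IOCS: Dict[str, set] = {
    "hash": {"deadbeef" * 8},        # fake SHA-256 value
    "ip": {"203.0.113.45"},          # TEST-NET-3 documentation address
    "domain": {"bad.example.net"},   # reserved example domain
}

# Which key=value fields in the telemetry carry which kind of indicator.
FIELD_TYPES = {"sha256": "hash", "md5": "hash", "src": "ip", "dst": "ip", "qname": "domain"}

# Constructed sample telemetry in key=value form (not from a real system).
LOG_LINES = [
    "2024-01-10T08:01:12Z host=ws01 user=alice event=logon src=10.0.0.5",
    "2024-01-10T08:05:44Z host=ws01 user=alice event=process_create sha256="
    + "0123456789abcdef" * 4 + " path=C:\\Windows\\System32\\notepad.exe",
    "2024-01-10T08:07:03Z host=ws07 user=bob event=dns_query qname=bad.example.net",
    "2024-01-10T08:09:30Z host=ws07 user=bob event=net_connect dst=203.0.113.45 dport=443",
    "2024-01-10T08:11:02Z host=ws07 user=bob event=process_create sha256="
    + "DEADBEEF" * 8 + " path=C:\\Users\\bob\\AppData\\Local\\Temp\\svc.exe",
    "2024-01-10T08:15:50Z host=ws02 user=carol event=logon src=10.0.0.9",
]


def parse_kv(line: str) -> Dict[str, str]:
    """Split 'k=v k=v ...' tokens into a dict; the leading timestamp has no '=' and is skipped."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    return fields


def sweep_iocs(lines: List[str], iocs: Dict[str, set]) -> List[dict]:
    """IOC sweep: return every line whose indicator-bearing field matches a known IOC."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        fields = parse_kv(line)
        for key, ioc_type in FIELD_TYPES.items():
            value = fields.get(key)
            if value is None:
                continue
            # Hashes and domains are compared case-insensitively; IPs are compared as written.
            norm = value.lower() if ioc_type in ("hash", "domain") else value
            if norm in iocs.get(ioc_type, set()):
                hits.append({"line_no": line_no, "type": ioc_type,
                             "value": norm, "host": fields.get("host")})
    return hits


# Constructed baseline: outbound connection counts per host over seven prior days,
# and today's count for the same hosts.
BASELINE = {"ws01": [12, 10, 11, 13, 12, 11, 12], "ws07": [9, 10, 8, 11, 10, 9, 10]}
TODAY = {"ws01": 12, "ws07": 95}


def flag_anomalies(baseline: Dict[str, List[int]], today: Dict[str, int],
                   z_threshold: float = 3.0) -> Dict[str, float]:
    """Anomaly detection: flag hosts whose count today sits far outside their own history.

    Uses a z-score against each host's baseline; hosts with too little history are skipped,
    and a flat baseline (zero spread) treats any change as anomalous.
    """
    flagged: Dict[str, float] = {}
    for host, count in today.items():
        history = baseline.get(host, [])
        if len(history) < 2:
            continue  # not enough history to form a baseline
        mean = statistics.mean(history)
        stdev = statistics.stdev(history)
        if stdev == 0:
            z = math.inf if count != mean else 0.0
        else:
            z = (count - mean) / stdev
        if z > z_threshold:
            flagged[host] = round(z, 1)
    return flagged


if __name__ == "__main__":
    for hit in sweep_iocs(LOG_LINES, IOCS):
        print(f"IOC hit: line {hit['line_no']} host={hit['host']} {hit['type']}={hit['value']}")
    for host, z in flag_anomalies(BASELINE, TODAY).items():
        print(f"Anomaly: host={host} z-score={z}")
```

The sweep finds only what is already known (the three indicator matches on ws07), which is exactly the limitation option C describes for signature-style matching; the anomaly check flags ws07 without any prior indicator, purely because its connection count departs from its own baseline. A hunter would then combine the two: the anomaly becomes the hypothesis (option D), and the IOC hits on the same host are the evidence used to test it.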