
Eccouncil Exam 212-82 Topic 2 Question 19 Discussion

Actual exam question for Eccouncil's 212-82 exam
Question #: 19
Topic #: 2

Mark, a security analyst, was tasked with performing threat hunting to detect imminent threats in an organization's network. He generated a hypothesis based on the observations in the initial step and started the threat-hunting process using existing data collected from DNS and proxy logs.

Identify the type of threat-hunting method employed by Mark in the above scenario.

Suggested Answer: B

Contribute your Thoughts:

Joni
7 days ago
I'm going with option B, TTP-driven hunting. It's like playing a game of 'Guess the Hacker's Playbook' - you gotta know their moves to catch them!
upvoted 0 times
...
Meaghan
8 days ago
This sounds like a hybrid approach to me. Mark is combining both entity-driven and data-driven techniques to uncover the potential threats.
upvoted 0 times
...
Eileen
17 days ago
I think it could be a combination of Entity-driven and Data-driven hunting, so maybe Hybrid hunting.
upvoted 0 times
...
Stevie
18 days ago
Data-driven hunting seems like a good fit here. Mark is using the existing data from DNS and proxy logs to identify any suspicious activities or patterns.
upvoted 0 times
...
Michael
18 days ago
I believe Mark employed Data-driven hunting.
upvoted 0 times
...
Santos
19 days ago
I think Mark is using the TTP-driven hunting method since he's focusing on the tactics, techniques, and procedures used by the threat actors to detect the imminent threats.
upvoted 0 times
...
Hobert
25 days ago
I think Mark used TTP-driven hunting.
upvoted 0 times
...
