Cisco 300-220 - Conducting Threat Hunting and Defending using Cisco Technologies for Cybersecurity Exam

Question #1 (Topic 1: Threat Hunting Fundamentals)
The Security Operations Center receives two alerts in security information and event management (SIEM) about two separate possible attacks. The first alert concerns brute force attempts on a domain controller, and the second alert concerns the flooding of a network. After an initial investigation, the team confirms that both alerts are valid and begins a detailed investigation.
According to the CAPEC model, which vulnerability criteria should the team prioritize in the investigation?
A. quickest mitigation actions
B. highest probability of attack
C. highest typical severity
D. most discovered weaknesses
Answer: C
Question #2 (Topic 1: Threat Hunting Fundamentals)
Which threat hunting methodology aims to understand how adversaries think?
A. intel-driven
B. hybrid
C. entity-driven
D. TTP-driven
Answer: D
Question #3 (Topic 1: Threat Hunting Fundamentals)
What is a characteristic of a memory-resident attack?
A. The attack is file independent.
B. The execution continues after a system restart.
C. Programs must be closed to be infected.
D. Malware is installed in the virtual memory.
Answer: A
Question #4 (Topic 1: Threat Hunting Fundamentals)
What should be considered when using machine learning for data analysis in a SOC?
A. More professionals are needed to maintain the system.
B. Security gaps can occur during the early stages of development.
C. Machine learning is unsuited for small organizations.
D. Constant tuning is required for data analysis to be effective.
Answer: D
Question #5 (Topic 1: Threat Hunting Fundamentals)
According to the MITRE ATT&CK framework, how is the password spraying technique classified?
A. initial access
B. credential access
C. lateral movement
D. privilege escalation
Answer: B
Total 60 questions