Cisco 300-220 - Conducting Threat Hunting and Defending using Cisco Technologies for Cybersecurity Exam

Question #6 (Topic 1, Threat Hunting Fundamentals)
How does multiproduct integration enhance data visibility and analysis in a corporate environment?
A. Different teams use different tools so that they can crosscheck their results.
B. A central data visualizer is integrated into the APIs of the products to correlate input.
C. Backup tools are in place for use when the main tools are unavailable.
D. Different GUIs are used to get different views of the same events.
Answer: B
Question #7 (Topic 1, Threat Hunting Fundamentals)
Refer to the exhibit.

An increase in company traffic is observed by the SOC team. After they investigate the spike, it is concluded that the increase is due to ongoing scanning activity. Further analysis reveals that an adversary used Nmap for OS fingerprinting.
Which type of indicator used by the adversary sits highest on the Pyramid of Pain?
A. UDPs
B. network/host artifacts
C. IP addresses
D. port probes
Answer: B
Question #8 (Topic 1, Threat Hunting Fundamentals)
What is a limitation of automated dynamic malware analysis tools?
A. They produce false positives and false negatives.
B. They are time consuming when performed manually.
C. Vulnerabilities in runtime environments cannot be found.
D. Not all programming languages are supported.
Answer: A
Question #9 (Topic 1, Threat Hunting Fundamentals)
What triggers unstructured threat hunting?
A. indicators of attack
B. indicators of compromise
C. tactics, techniques, and procedures
D. customized threat identification
Answer: B
Question #10 (Topic 1, Threat Hunting Fundamentals)
What is the classification of the pass-the-hash technique according to the MITRE ATT&CK framework?
A. credential access
B. lateral movement
C. privilege escalation
D. persistence
Answer: B
Total 60 questions