CompTIA CySA+ (CS0-002) — Question 143
A security analyst was transferred to an organization's threat-hunting team to track specific activity throughout the enterprise environment. The analyst must observe and assess the number of times this activity occurs and aggregate the results. Which of the following is the BEST threat-hunting method for the analyst to use?
Answer options
- A. Stack counting
- B. Searching
- C. Clustering
- D. Grouping
Correct answer: A
Explanation
Stack counting is the best fit for tracking how often a specific activity occurs, because it counts the occurrences and aggregates the results. The other options are useful in other contexts but do not focus primarily on counting occurrences, which is what this task requires.