CompTIA CySA+ (CS0-002) — Question 194

A security operations manager wants to build out an internal threat-hunting capability. Which of the following should be the first priority when creating a threat-hunting program?

Answer options

• A. Establishing a hypothesis about which threats are targeting which systems
• B. Profiling common threat actors and activities to create a list of IOCs
• C. Ensuring logs are sent to a centralized location with search and filtering capabilities
• D. Identifying critical assets that will be used to establish targets for threat-hunting activities

Correct answer: A

Explanation

The correct answer is A because establishing a hypothesis is foundational for effective threat hunting, as it directs the focus of the program. Options B, C, and D, while important, are secondary steps that depend on the initial hypothesis to guide the specific targets and methods for hunting threats.