CompTIA Security+ (SY0-701) — Question 28

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

Answer options

• A. Digital forensics
• B. E-discovery
• C. Incident response
• D. Threat hunting

Correct answer: D

Explanation

Threat hunting is the proactive search for indicators of compromise, making it the best method for the analyst to identify new malicious behaviors. Digital forensics focuses on collecting and analyzing evidence after an incident, while e-discovery pertains to legal investigations. Incident response is typically initiated after a compromise is confirmed, rather than for proactive detection.