Splunk Observability Cloud Certified Metrics User — Question 44
What is the main difference between hypothesis-driven and data-driven Threat Hunting?
Answer options
- A. Data-driven hunts always require more data to search through than hypothesis-driven hunts.
- B. Data-driven hunting tries to uncover activity within an existing data set; hypothesis-driven hunting begins with a potential activity that the hunter thinks may be happening.
- C. Hypothesis-driven hunts are typically executed on newly ingested data sources, while data-driven hunts are not.
- D. Hypothesis-driven hunting tries to uncover activity within an existing data set; data-driven hunting begins with an activity that the hunter thinks may be happening.
Correct answer: B
Explanation
The correct answer is B because data-driven hunting starts from the data that is already collected and analyzes it to surface anomalies or suspicious activity, whereas hypothesis-driven hunting starts from a specific theory about a threat that may be present and then searches the data for evidence that supports or refutes it. Option D simply swaps the two definitions. Options A and C describe differences in data volume and in whether the data sources are newly ingested, neither of which is what distinguishes the two approaches.