A threat hunter is searching for signs of command-and-control traffic in network logs. The hunter needs to write a detection rule that can be used across multiple SIEM platforms. Which rule format is MOST appropriate?