eCRE eLearnSecurity Certified Reverse Engineer Exam, Exams of Technology

The eCRE Exam evaluates the skills of candidates in reverse engineering and malware analysis. It covers areas such as deconstructing compiled code, reverse engineering tools, identifying malware behaviors, debugging techniques, and understanding software vulnerabilities. This exam is ideal for cybersecurity professionals involved in threat analysis and mitigation.

Typology: Exams

2024/2025

Available from 04/18/2025

nicky-jone

eCRE eLearnSecurity Certified Reverse Engineer Exam
Question 1: What is the primary objective of threat hunting?
A. To proactively search for cyber threats
B. To install security patches
C. To manage user access rights
D. To perform routine system maintenance
Correct Answer: A
Explanation: Threat hunting focuses on proactively identifying and mitigating threats before they can cause significant damage.
Question 2: How is threat hunting best defined?
A. A reactive process to respond after an incident
B. A proactive approach to detect hidden adversaries
C. A method for updating firewall rules
D. A strategy to backup critical data
Correct Answer: B
Explanation: Threat hunting is a proactive process where analysts search for indicators of compromise that may have bypassed traditional defenses.
Question 3: What distinguishes proactive threat hunting from reactive incident response?
A. Proactive hunting is scheduled, while reactive response is random
B. Proactive hunting searches for unknown threats before incidents occur, whereas reactive response deals with confirmed breaches
C. Proactive hunting involves only automated tools
D. Reactive response is less effective than proactive hunting
Correct Answer: B
Explanation: Proactive threat hunting anticipates and uncovers threats before incidents are confirmed, while reactive incident response is triggered by detected breaches.
Question 4: Which statement best describes the relationship between threat hunting and incident response?
A. They are identical processes
B. Threat hunting is a subset of incident response
C. Threat hunting informs and enhances incident response efforts
D. Incident response is unrelated to threat hunting
Correct Answer: C
Explanation: Threat hunting helps identify threats early and provides actionable intelligence that can improve incident response processes.
Question 5: What is a key principle of proactive threat detection in threat hunting?
A. Waiting for alerts from automated systems
B. Relying solely on perimeter defenses
C. Continuously analyzing data to identify anomalies
D. Following only pre-defined playbooks
Correct Answer: C
Explanation: Proactive threat detection involves continuous monitoring and analysis to uncover anomalies that indicate potential threats.
Question 6: Which factor differentiates threat hunting from traditional security monitoring?
A. Use of static thresholds for alerts
B. Reliance on reactive measures
C. Hypothesis-driven investigations based on emerging patterns
D. Exclusive dependence on antivirus software
Correct Answer: C
Explanation: Threat hunting leverages hypothesis-driven investigations and deep analysis, unlike traditional security monitoring that depends on static alert systems.
Question 7: Why is threat hunting increasingly important in modern cybersecurity?
A. Because it eliminates the need for firewalls
B. Due to the complexity and sophistication of modern cyber threats
C. It reduces the need for security personnel
D. It primarily focuses on regulatory compliance
Correct Answer: B
Explanation: Modern cyber threats are increasingly sophisticated, making proactive threat hunting essential to identify and mitigate these risks before they escalate.
Question 8: What is a common goal of threat hunting initiatives?
A. To replace automated security solutions
B. To eliminate all potential vulnerabilities instantly
C. To reduce the time attackers remain undetected
D. To solely focus on compliance reporting
Correct Answer: C
Explanation: By reducing dwell time, threat hunting minimizes the period attackers can operate undetected within an environment.
Question 9: Which approach is central to hypothesis-driven threat hunting?
A. Reacting only after alerts trigger investigations
B. Formulating theories about potential attack vectors and validating them
C. Only using pre-existing threat intelligence reports
D. Waiting for a full breach to occur
Correct Answer: B
Explanation: Hypothesis-driven threat hunting involves creating and testing theories on potential adversary behaviors to uncover hidden threats.
Question 10: What role does data play in threat hunting?
A. It is only used for historical record keeping
B. It is irrelevant for proactive security measures
C. It serves as the foundation for detecting anomalies and patterns

C. They are identical in scope
D. Incident response uses only automated tools
Correct Answer: B
Explanation: Threat hunting is a proactive activity that searches for threats before they trigger incidents, unlike incident response which reacts to confirmed breaches.
Question 16: Which of the following is an example of a threat that threat hunting might uncover?
A. A scheduled software update
B. A stealthy attacker using advanced persistent threat (APT) techniques
C. A low-risk informational email
D. A routine file backup
Correct Answer: B
Explanation: Threat hunting is designed to uncover hidden threats such as APTs that use stealthy techniques to compromise networks.
Question 17: How does threat hunting improve an organization’s cybersecurity posture?
A. By delaying threat detection until after damage is done
B. By identifying and neutralizing threats before they escalate
C. By eliminating the need for network segmentation
D. By reducing investment in security technologies
Correct Answer: B
Explanation: Proactively identifying and mitigating threats enhances an organization’s overall cybersecurity posture and reduces potential damage.
Question 18: What is meant by proactive threat detection?
A. Reacting after an attack has been confirmed
B. Continuously searching for and identifying threats before incidents occur
C. Ignoring minor security alerts
D. Waiting for automated systems to trigger alerts
Correct Answer: B
Explanation: Proactive threat detection involves actively searching for threats, often before they manifest as full-blown incidents.
Question 19: Why is continuous monitoring crucial in threat hunting?
A. It ensures that all alerts are ignored
B. It provides ongoing visibility into network behavior and anomalies
C. It focuses only on end-of-day reports
D. It replaces the need for periodic security reviews
Correct Answer: B
Explanation: Continuous monitoring allows for the timely detection of unusual behaviors, which is essential for effective threat hunting.
Question 20: What role does threat hunting play in reducing the dwell time of an attacker?
A. It increases the time attackers remain undetected
B. It speeds up the detection process, limiting the time an attacker can operate within a network

C. It focuses solely on recovery efforts
D. It is unrelated to attacker dwell time
Correct Answer: B
Explanation: By detecting threats early, threat hunting minimizes the duration that an attacker remains within a network, reducing potential damage.
Question 21: Which framework is commonly used in threat hunting to map adversary behavior?
A. ISO 27001
B. MITRE ATT&CK
C. NIST SP 800-53
D. COBIT
Correct Answer: B
Explanation: MITRE ATT&CK provides a comprehensive matrix of adversary tactics and techniques, making it invaluable for threat hunting.
Question 22: What is the primary purpose of the Lockheed Martin Cyber Kill Chain in threat hunting?
A. To schedule regular maintenance tasks
B. To identify the stages of an attack for targeted detection and mitigation
C. To manage employee access
D. To design network architecture
Correct Answer: B
Explanation: The Cyber Kill Chain helps identify the sequential steps of an attack, which is crucial for intercepting adversaries at various stages.
Question 23: How do threat hunters use frameworks such as MITRE ATT&CK in their investigations?
A. They ignore them entirely
B. They map observed adversary behaviors to known tactics and techniques
C. They use them only for compliance purposes
D. They solely focus on hardware vulnerabilities
Correct Answer: B
Explanation: Mapping observed behaviors to the MITRE ATT&CK framework helps analysts identify and understand the tactics and techniques employed by adversaries.
Question 24: Which of the following best describes a hypothesis-driven threat hunt?
A. Waiting for automated alerts before acting
B. Developing a theory about potential attack paths and investigating accordingly
C. Ignoring unusual activity until it becomes widespread
D. Solely relying on firewall logs for threat detection
Correct Answer: B
Explanation: Hypothesis-driven threat hunting starts with an assumption or theory about possible adversary behavior, guiding the investigation process.

Question 30: In threat hunting, what is the significance of correlating multiple data sources?
A. It creates more noise in the system
B. It provides a comprehensive view of potential malicious activity
C. It reduces the number of false positives to zero
D. It is only useful for compliance audits
Correct Answer: B
Explanation: Correlating data from various sources helps build a complete picture of network activities, leading to more accurate threat detection.
Question 31: Which of the following is a common framework used in threat hunting besides MITRE ATT&CK?
A. COBIT
B. Lockheed Martin Cyber Kill Chain
C. PCI DSS
D. ITIL
Correct Answer: B
Explanation: The Lockheed Martin Cyber Kill Chain is another widely recognized framework that details the stages of an attack for effective threat hunting.
Question 32: How does the hypothesis-driven methodology benefit threat hunters?
A. It removes the need for threat intelligence
B. It allows for targeted investigations based on informed assumptions
C. It guarantees 100% detection of threats
D. It focuses only on known malware
Correct Answer: B
Explanation: By developing informed hypotheses, threat hunters can target their investigations more efficiently, potentially uncovering stealthy adversaries.
Question 33: What is the primary focus during the analysis stage of threat hunting?
A. Immediate eradication of all network traffic
B. Deep investigation and correlation of anomalies with known attack techniques
C. Disregarding system logs
D. Performing routine software installations
Correct Answer: B
Explanation: The analysis stage involves deep-diving into collected data to identify patterns or anomalies that could indicate a cyber threat.
Question 34: Which step directly follows data collection in the threat hunting process?
A. Preparation
B. Analysis
C. Reporting
D. Response
Correct Answer: B
Explanation: After gathering data, threat hunters analyze it to detect potential threats and validate their hypotheses.

Question 35: What does an effective threat hunting workflow typically include?
A. Only automated responses
B. Stages such as preparation, detection, analysis, and response
C. Only the deployment of security patches
D. Disregarding user activities
Correct Answer: B
Explanation: An effective workflow involves multiple stages—starting with preparation, followed by detection, analysis, and finally, response—to ensure comprehensive threat management.
Question 36: How do threat hunting frameworks help in structuring investigations?
A. They limit the types of threats that can be investigated
B. They provide standardized methodologies that align investigations with known adversary tactics
C. They remove the need for any manual analysis
D. They focus exclusively on software vulnerabilities
Correct Answer: B
Explanation: Standardized frameworks enable analysts to align their investigation with established adversary tactics, improving detection accuracy.
Question 37: What is the importance of aligning threat hunting activities with business objectives?
A. It allows ignoring compliance requirements
B. It ensures that security efforts support overall organizational goals
C. It reduces the need for technical analysis
D. It only benefits marketing teams
Correct Answer: B
Explanation: Aligning threat hunting with business objectives ensures that security initiatives are focused on protecting critical assets and supporting the organization’s strategic goals.
Question 38: Which tool is most commonly associated with the application of threat hunting frameworks?
A. Spreadsheet software
B. Endpoint detection and response (EDR) tools
C. Social media platforms
D. Word processing applications
Correct Answer: B
Explanation: EDR tools provide detailed endpoint data that can be correlated with threat hunting frameworks for effective analysis.
Question 39: What is one challenge of applying threat hunting frameworks in real-world environments?
A. The frameworks are too simplistic
B. There is often a lack of quality data to map to the frameworks
C. They are not recognized by any security standards
D. They always require manual intervention

Correct Answer: B
Explanation: Effective log analysis involves correlating data from different sources to uncover patterns or anomalies that may indicate a threat.
Question 45: How can threat intelligence platforms enhance threat hunting activities?
A. By isolating internal data from external sources
B. By enriching investigations with up-to-date indicators of compromise (IOCs) and adversary tactics
C. By replacing the need for internal monitoring
D. By generating random reports
Correct Answer: B
Explanation: Threat intelligence platforms provide current information on adversary tactics and IOCs that can validate and refine threat hunting hypotheses.
Question 46: Which of the following best describes cloud-native security tools in the context of threat hunting?
A. Tools that are only useful for on-premises environments
B. Security solutions designed specifically for cloud environments
C. Traditional antivirus programs
D. Software unrelated to threat detection
Correct Answer: B
Explanation: Cloud-native security tools are designed to work with the dynamic and scalable nature of cloud environments, facilitating effective threat hunting in those settings.
Question 47: Why is network traffic analysis critical in detecting threats?
A. It solely focuses on internal emails
B. It helps identify communication patterns that may indicate lateral movement or data exfiltration
C. It does not require any technical expertise
D. It only monitors internet browsing history
Correct Answer: B
Explanation: Network traffic analysis enables analysts to detect suspicious communication patterns, which are often the first signs of an active threat.
Question 48: What is the importance of host-based tools in threat hunting?
A. They are used only for system backups
B. They provide detailed insights into individual endpoint activities
C. They are irrelevant in modern networks
D. They only track software licenses
Correct Answer: B
Explanation: Host-based tools deliver granular data on system activities, which is crucial for detecting signs of compromise at the endpoint level.
Question 49: How do log correlation techniques improve threat detection?
A. They ignore anomalies in data
B. They aggregate data from multiple sources to reveal hidden patterns

C. They focus exclusively on user login data
D. They replace the need for threat intelligence
Correct Answer: B
Explanation: By correlating logs from various sources, analysts can detect complex attack patterns that might otherwise go unnoticed.
Question 50: What is a key benefit of integrating cloud-native security tools into threat hunting?
A. They eliminate the need for network segmentation
B. They are optimized for the dynamic nature of cloud environments
C. They require no configuration
D. They only monitor hardware failures
Correct Answer: B
Explanation: Cloud-native security tools are designed to adapt to the elastic and dynamic environments of the cloud, ensuring continuous and effective threat detection.
Question 51: What is the primary focus of data collection in threat hunting?
A. Gathering irrelevant information
B. Collecting diverse data sources such as logs, endpoint data, and network traffic
C. Only collecting data once a year
D. Ignoring historical records
Correct Answer: B
Explanation: Comprehensive data collection from various sources is essential to establish a baseline and detect anomalies during threat hunting.
Question 52: Why is historical data important in threat analysis?
A. It is never used
B. It provides context and trends that help identify deviations from normal behavior
C. It only serves archival purposes
D. It delays the threat detection process
Correct Answer: B
Explanation: Historical data allows analysts to compare current behaviors against past trends, helping to highlight anomalies that might indicate threats.
Question 53: Which of the following is a key data source for threat hunting?
A. Financial reports
B. System and network logs
C. Social media posts
D. Printed newsletters
Correct Answer: B
Explanation: System and network logs contain critical details about events and behaviors that can be analyzed to uncover potential threats.
Question 54: What is the purpose of filtering data during threat hunting?
A. To reduce data volume and focus on relevant information
B. To remove all anomalies

B. It automates the identification of complex patterns in large data sets
C. It replaces all manual analyses completely
D. It only processes structured data
Correct Answer: B
Explanation: Machine learning can process vast amounts of data, uncovering subtle patterns and anomalies that might elude manual analysis.
Question 60: How does data analysis enhance the overall threat hunting process?
A. By making the process slower
B. By providing insights that guide the detection and investigation of potential threats
C. By eliminating the need for any further investigation
D. By solely relying on historical data
Correct Answer: B
Explanation: Data analysis helps translate raw data into actionable insights, enabling more precise and effective threat detection.
Question 61: What is a key component of MITRE ATT&CK in threat hunting?
A. Financial forecasting
B. Mapping adversary tactics and techniques
C. Designing hardware infrastructure
D. Managing user permissions
Correct Answer: B
Explanation: MITRE ATT&CK outlines adversary tactics and techniques, which threat hunters use to understand and detect malicious behaviors.
Question 62: How do threat hunters use MITRE ATT&CK matrices?
A. They ignore them completely
B. They map observed activities to known adversary behaviors and techniques
C. They solely focus on physical security measures
D. They use them to design new network architectures
Correct Answer: B
Explanation: Threat hunters correlate observed behaviors with the MITRE ATT&CK matrix to identify and classify potential threats.
Question 63: What are TTPs in the context of threat hunting using MITRE ATT&CK?
A. Temporary Technical Procedures
B. Tactics, Techniques, and Procedures
C. Technical Threat Protocols
D. Timely Threat Patterns
Correct Answer: B
Explanation: TTPs stand for Tactics, Techniques, and Procedures, which are used to describe adversary behavior in the MITRE ATT&CK framework.
Question 64: Which of the following best illustrates the use of MITRE ATT&CK in threat hunting?
A. Mapping firewall configurations

B. Correlating observed network behaviors with known attack techniques
C. Updating software patches
D. Ignoring threat intelligence
Correct Answer: B
Explanation: By aligning observed network behaviors with the techniques listed in MITRE ATT&CK, threat hunters can identify and classify adversary activities.
Question 65: How does mapping observed activities to MITRE ATT&CK benefit threat hunters?
A. It eliminates all false positives
B. It provides a structured way to understand attacker behaviors
C. It replaces the need for network logs
D. It solely focuses on endpoint devices
Correct Answer: B
Explanation: Mapping activities to MITRE ATT&CK offers a systematic approach to understanding and classifying attacker tactics and techniques.
Question 66: What role do practical examples play in leveraging MITRE ATT&CK for threat hunting?
A. They complicate the process unnecessarily
B. They provide real-world scenarios that improve understanding and application
C. They are only useful in academic settings
D. They replace the need for threat intelligence
Correct Answer: B
Explanation: Practical examples help threat hunters grasp how to apply MITRE ATT&CK techniques to real-world scenarios, enhancing detection strategies.
Question 67: Why is it important to understand the structure of MITRE ATT&CK in threat hunting?
A. It is only relevant for regulatory purposes
B. It helps in effectively mapping threats and understanding adversary behavior
C. It solely focuses on user access controls
D. It is outdated for modern networks
Correct Answer: B
Explanation: Understanding the structure of MITRE ATT&CK enables threat hunters to map and interpret adversary behaviors accurately during investigations.
Question 68: Which aspect of MITRE ATT&CK is most useful for correlating threat data?
A. Its color-coded interface
B. Its comprehensive listing of tactics and techniques
C. Its focus on hardware inventory
D. Its financial impact assessments
Correct Answer: B
Explanation: The detailed listing of tactics and techniques in MITRE ATT&CK allows for effective correlation of observed data with known attack methods.

Question 74: Which technique is essential for detecting lateral movement in an enterprise network?
A. Static password policies
B. Monitoring network traffic for unusual inter-system communication
C. Disabling all network communication
D. Focusing only on physical access controls
Correct Answer: B
Explanation: Detecting lateral movement involves identifying abnormal communication patterns between systems, which may indicate an attacker’s attempt to spread within the network.
Question 75: How do threat hunters combine IOC-based and tactic-based approaches?
A. They use only one method at a time
B. They integrate both methods to validate suspicions and improve detection accuracy
C. They ignore one method in favor of the other
D. They alternate randomly between the two
Correct Answer: B
Explanation: Combining both approaches enhances the detection capability by cross-verifying indicators with adversary tactics, reducing false positives and missed threats.
Question 76: Which of the following is a common Indicator of Compromise (IOC) used in threat hunting?
A. Known malicious IP addresses
B. Outdated hardware models
C. User preference settings
D. Printer serial numbers
Correct Answer: A
Explanation: Known malicious IP addresses are commonly used IOCs that help identify communications with known threat actors.
Question 77: What role does behavioral anomaly detection play in advanced threat hunting?
A. It is used only for generating reports
B. It identifies deviations from normal behavior that may indicate an attack
C. It replaces the need for automated alerts
D. It only monitors hardware performance
Correct Answer: B
Explanation: Behavioral anomaly detection focuses on recognizing deviations from established baselines, which can signal potential malicious activity.
Question 78: How can threat intelligence feeds support advanced threat hunting?
A. By replacing the need for internal monitoring
B. By providing up-to-date information on emerging threats and adversary tactics
C. By only focusing on past incidents
D. By ignoring current attack trends
Correct Answer: B

Explanation: Up-to-date threat intelligence feeds offer current insights into emerging threats, helping threat hunters adapt their techniques accordingly.
Question 79: Which of the following is a benefit of detecting lateral movement during threat hunting?
A. It confirms the presence of an insider threat
B. It helps identify the scope of an ongoing attack
C. It solely focuses on external threats
D. It eliminates the need for threat intelligence
Correct Answer: B
Explanation: Detecting lateral movement is crucial as it reveals how an attacker is propagating within the network, allowing for a more comprehensive incident response.
Question 80: What makes combining IOC-based and tactic-based threat hunting effective?
A. It minimizes the need for any data analysis
B. It cross-validates findings and improves the overall accuracy of threat detection
C. It relies solely on manual processes
D. It only applies to outdated attack techniques
Correct Answer: B
Explanation: Integrating both approaches ensures that detection is based on multiple evidence sources, leading to more reliable identification of sophisticated threats.
Question 81: Which threat is typically the focus when hunting for malware?
A. Unrelated system updates
B. Malicious code designed to disrupt or compromise systems
C. User interface glitches
D. Network latency issues
Correct Answer: B
Explanation: Malware hunting involves identifying and mitigating malicious software that can disrupt operations or compromise security.
Question 82: What distinguishes ransomware from other malware in threat hunting?
A. It only affects hardware components
B. It encrypts data and demands payment for decryption
C. It improves system performance
D. It solely affects printers
Correct Answer: B
Explanation: Ransomware encrypts victims’ data and typically demands a ransom for restoration, making it a high-priority threat in cybersecurity investigations.
Question 83: How can threat hunters detect credential theft?
A. By monitoring abnormal login patterns and access attempts
B. By only focusing on hardware failures
C. By ignoring network traffic
D. By relying solely on antivirus software
Correct Answer: A

Explanation: Unusual patterns of communication between hosts can signal lateral movement, prompting further investigation by threat hunters.
Question 89: Which threat hunting activity is essential for detecting malware infections?
A. Regularly updating office software
B. Analyzing system logs and file integrity for signs of malicious code execution
C. Only checking user emails
D. Monitoring physical access logs
Correct Answer: B
Explanation: Analyzing system logs for abnormal file changes or execution patterns can help detect the presence of malware infections.
Question 90: What is a common challenge when hunting for credential misuse?
A. Lack of any monitoring tools
B. Differentiating between legitimate and malicious account activities
C. The irrelevance of network logs
D. The use of only outdated credentials
Correct Answer: B
Explanation: It can be difficult to distinguish between legitimate use and malicious activity, requiring detailed analysis of behavior and context.
Question 91: Which of the following is an indicator of a compromised account?
A. Regular login times
B. Unusual login locations and times
C. Consistent usage patterns
D. No change in behavior
Correct Answer: B
Explanation: A compromised account often exhibits unusual login behaviors, such as accessing the system from unfamiliar locations or at odd hours.
Question 92: How do threat hunters detect phishing campaigns?
A. By solely monitoring firewall alerts
B. By analyzing email traffic for known malicious domains and suspicious content
C. By ignoring user reports
D. By only updating antivirus software
Correct Answer: B
Explanation: By analyzing email headers, sender reputations, and content, threat hunters can identify and investigate potential phishing campaigns.
Question 93: What method can be used to detect malware-related lateral movement?
A. Monitoring system update logs
B. Observing abnormal communication patterns between compromised hosts
C. Checking only application logs
D. Ignoring endpoint alerts
Correct Answer: B

Explanation: Abnormal communication between endpoints can indicate that malware is spreading laterally within the network.
Question 94: Which technique is crucial for hunting ransomware infections?
A. Disabling user authentication
B. Monitoring file integrity and detecting abnormal encryption activities
C. Focusing solely on network throughput
D. Ignoring system logs
Correct Answer: B
Explanation: Monitoring file integrity and unusual encryption activity is key to detecting ransomware before it causes significant damage.
Question 95: How can threat hunting help in identifying insider threats?
A. By relying only on external threat intelligence
B. By analyzing user behavior and detecting deviations from normal activity
C. By focusing exclusively on hardware inventory
D. By only reviewing email traffic
Correct Answer: B
Explanation: Monitoring user behavior for irregular activities can help detect insider threats, such as unauthorized access or data exfiltration.
Question 96: What is the importance of investigating network intrusions in threat hunting?
A. They are irrelevant to modern security
B. They provide early warning signs of broader compromise
C. They only affect financial systems
D. They solely occur in legacy systems
Correct Answer: B
Explanation: Early detection of network intrusions allows organizations to respond quickly, reducing the potential impact of a broader security breach.
Question 97: Which activity is critical for identifying phishing attempts in a threat hunting operation?
A. Analyzing website aesthetics
B. Reviewing email metadata and suspicious attachments
C. Monitoring office supply usage
D. Checking physical access logs exclusively
Correct Answer: B
Explanation: Analyzing email metadata, such as sender details and attachment types, helps in identifying phishing attempts and mitigating their impact.
Question 98: How can threat hunting techniques uncover the exploitation of vulnerabilities?
A. By only checking hardware serial numbers
B. By correlating known vulnerability exploits with unusual system behaviors
C. By ignoring software patch histories
D. By solely focusing on external IP addresses