Q: 19
When building an IOC hunting query, analysts should focus on:
Options
Discussion
Option A, had something like this in a mock. IOC hunts always target known bad domains or hashes.
Nah, not B-alert starring is a trap. It's A for IOC hunts.
A
Its A, seen similar in practice Qs, has to be known bad hashes or domains for IOC hunting.
A , since only known bad domains or hashes actually give you something concrete to search for with IOC hunting queries.
D
Be respectful. No spam.
