Exam SY0-701 Topic 1 Question 479 Discussion

Actual exam question for CompTIA's SY0-701 exam
Question #: 479
Topic #: 1
A security analyst is concerned malicious actors are lurking in an environment but has not received any alerts regarding suspicious activity. Which of the following should the analyst conduct to further investigate the presence of these actors?

Suggested Answer: A

Threat hunting is a proactive security activity focused on identifying hidden or undetected threats within an environment, even when no alerts or indicators have been triggered. According to CompTIA Security+ SY0-701, threat hunting assumes that attackers may already be present and actively evading traditional security controls such as SIEMs, IDS/IPS, or endpoint protection tools.
Threat hunting involves manually analyzing logs, endpoint telemetry, network traffic, and behavioral patterns to uncover anomalies that automated systems may miss. This aligns directly with the scenario, where the analyst has a suspicion of malicious actors but no alerts confirming activity. Threat hunting helps identify advanced persistent threats (APTs), living-off-the-land techniques, credential misuse, and lateral movement that may not generate immediate alerts.
Digital forensics (B) is typically performed after an incident has been confirmed. Vulnerability scanning (C) identifies weaknesses but does not detect active attackers. E-discovery (D) is a legal process for collecting electronically stored information and is not used for threat detection.
Because the analyst is proactively searching for hidden threats without existing alerts, the correct action is A: Threat hunting.

by Hardy at Mar 31, 2026, 12:03 PM
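The comment above describes threat hunting as manual analysis of endpoint telemetry for anomalies that alert rules never fire on. The script below is an added illustration of one common hunting technique, frequency ("stacking") analysis over process-start telemetry; it is not part of the exam discussion and not code from CompTIA. All telemetry rows are constructed sample data, and the tuple layout (host, parent process, child process, command line) is an assumed format rather than the output of any particular EDR product.

```python
"""Threat-hunt illustration: stacking analysis of process-start telemetry.

Hypothesis being hunted: living-off-the-land activity (an Office application
spawning a script host) or a command interpreter launched from a parent that
no other host in the fleet shows. Neither pattern needs a signature alert to
be found; rarity across the fleet is the lead.
"""
from collections import defaultdict

# Constructed sample telemetry (not real captures): one row per process start,
# laid out as (host, parent_process, child_process, command_line).
SAMPLE_TELEMETRY = [
    ("ws01", "explorer.exe", "outlook.exe", "outlook.exe"),
    ("ws01", "explorer.exe", "chrome.exe", "chrome.exe"),
    ("ws02", "explorer.exe", "outlook.exe", "outlook.exe"),
    ("ws02", "explorer.exe", "chrome.exe", "chrome.exe"),
    ("ws03", "explorer.exe", "outlook.exe", "outlook.exe"),
    ("ws03", "explorer.exe", "chrome.exe", "chrome.exe"),
    ("ws04", "explorer.exe", "outlook.exe", "outlook.exe"),
    ("ws04", "explorer.exe", "chrome.exe", "chrome.exe"),
    # Living-off-the-land shape: a document editor launching a script host on one host.
    ("ws03", "winword.exe", "powershell.exe", "powershell.exe -w hidden"),
    # Unusual parent: a service control process launching a shell on one host only.
    ("ws02", "services.exe", "cmd.exe", "cmd.exe /c whoami"),
]

# Hypothetical watch lists used to turn raw rarity into a hunting lead.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def stack_parent_child(rows):
    """Count, for each (parent, child) pair, how many distinct hosts show it.

    Pairs that are common across the fleet are almost always benign software
    behaviour; pairs confined to one or two hosts are what a hunter reviews.
    """
    hosts_by_pair = defaultdict(set)
    for host, parent, child, _cmd in rows:
        hosts_by_pair[(parent.lower(), child.lower())].add(host)
    return {pair: len(hosts) for pair, hosts in hosts_by_pair.items()}


def rare_pairs(rows, max_hosts=1):
    """Return the (parent, child) pairs seen on at most max_hosts hosts."""
    counts = stack_parent_child(rows)
    return sorted(pair for pair, n in counts.items() if n <= max_hosts)


def hunt_leads(rows, max_hosts=1):
    """Combine fleet rarity with the hunting hypothesis and return leads.

    A lead is a telemetry row whose parent/child pair is rare AND either the
    parent is an Office application or the child is a command interpreter.
    """
    rare = set(rare_pairs(rows, max_hosts))
    leads = []
    for host, parent, child, cmd in rows:
        pair = (parent.lower(), child.lower())
        if pair not in rare:
            continue
        if pair[0] in OFFICE_APPS:
            reason = "office application spawned a child process"
        elif pair[1] in INTERPRETERS:
            reason = "interpreter launched from an unusual parent"
        else:
            continue
        leads.append({"host": host, "parent": parent, "child": child,
                      "cmd": cmd, "reason": reason})
    return leads


if __name__ == "__main__":
    for lead in hunt_leads(SAMPLE_TELEMETRY):
        print(f"[{lead['host']}] {lead['parent']} -> {lead['child']}: "
              f"{lead['reason']} ({lead['cmd']})")
```

Run against the constructed fleet, the eight explorer.exe rows stack onto all four hosts and drop out, leaving the two single-host pairs as leads for the analyst to review. In a real hunt the rows would come from an EDR or Sysmon export, the threshold would scale with fleet size, and each lead would be triaged by examining the full command line, the user context and what happened on that host next.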
