Question 43 Discussion

A partner organization recently suffered a distributed denial of service (DDoS) attack, but the adversary’s identity and TTPs remain unknown. Your SOC has not received any relevant threat intelligence from the partner organization, but you are asked to determine whether similar activity could be happening in your environment. Which threat hunting action should you perform first? (Choose one answer)

  • A. Configure SIEM rules to alert when inbound traffic exceeds baseline thresholds.
  • B. Use a packet analyzer to capture and review all traffic flows on critical devices.
  • C. Develop a hunting hypothesis based on how DDoS can be executed against your network.
  • D. Use threat intelligence to enrich the IP addresses of all external source IP addresses.
Correct Answer: C

Brave-Dump Clients Votes: C 100%

Comments
Brave-Dumps Admin 2026-02-04 20:53:00

Selected Answers: C
Reference: Page 217, 218 in NSE 7 – Security Operations 7.6 Architect Study Guide