Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?
A . Deploy a SOAR tool.
B . Modify user password history and length requirements.
C . Apply new isolation and segmentation schemes.
D . Implement decoy files on adjacent hosts.

View Answer

Answer: D

Explanation:

Implementing decoy files on adjacent hosts is a technique that can entice the adversary to uncover malicious activity, as it can lure them into accessing fake or irrelevant data that can trigger an alert or reveal their presence. Decoy files are also known as honeyfiles or honeypots, and they are part of deception technology. Deploying a SOAR (Security Orchestration Automation and Response) tool may not entice the adversary to uncover malicious activity, as SOAR is mainly focused on automating and streamlining security operations, not deceiving attackers. Modifying user password history and length requirements may not entice the adversary to uncover malicious activity, as it could affect legitimate users and not reveal the attacker’s actions. Applying new isolation and segmentation schemes may not entice the adversary to uncover malicious activity, as it could limit their access and movement, but not expose their presence.

Verified Reference:

https://www.comptia.org/blog/what-is-deception-technology

https://partners.comptia.org/docs/default-source/resources/casp-content-guide