Valid 300-220 dumps shared by EduDump.com to help you pass the 300-220 exam. EduDump.com now offers the newest 300-220 exam dumps; the EduDump.com 300-220 exam questions have been updated and the answers corrected. Get the newest EduDump.com 300-220 dumps with Test Engine here:
A threat hunter is using Cisco Secure Network Analytics (Stealthwatch) to investigate possible lateral movement inside the network. Which behavior would MOST strongly indicate lateral movement using valid credentials?
Correct Answer: B
The correct answer is internal systems authenticating to multiple hosts using SMB in a short time. This behavior is a classic indicator of credential-based lateral movement. When attackers obtain valid credentials (MITRE ATT&CK T1078, Valid Accounts), they often move laterally by:

* Accessing administrative shares (e.g., C$, ADMIN$) over SMB (T1021.002, SMB/Windows Admin Shares)
* Using SMB, WMI, WinRM, or RDP as the remote-execution channel
* Authenticating to multiple systems rapidly, often within minutes of the first foothold

Cisco Secure Network Analytics excels at identifying east-west traffic anomalies, which are central to lateral movement detection. A single host opening SMB (TCP/445) sessions to many distinct internal systems in a short time deviates strongly from normal user behavior, which is typically one workstation talking to a handful of file servers. Because the attacker is using legitimate credentials, each individual authentication succeeds and looks normal in host logs; it is the fan-out pattern across the network, visible in flow telemetry, that exposes it.

Option A relates to external traffic, not lateral movement. Option C may indicate command-and-control or staging but not lateral movement. Option D aligns more with beaconing behavior.

One caveat a hunter should apply before escalating: vulnerability scanners, SCCM or other software-distribution servers, and backup servers legitimately exhibit the same one-to-many SMB pattern. Those hosts should be baselined or placed in a host group so the alarm fires on unexpected sources, not on known administrative infrastructure.

This technique aligns with MITRE ATT&CK - Lateral Movement and is explicitly covered in the CBRTHD blueprint under network-based threat hunting. Thus, Option B is the correct answer.
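The fan-out logic the explanation describes, written out as an added example (not code from the exam, from Cisco, or from Stealthwatch): it takes constructed flow records in a simple (source, destination, destination port, start time) form, keeps only internal-to-internal SMB flows, and alarms on any source that reaches a threshold number of distinct peers inside a sliding window. The window, threshold, sample addresses, and the allow-list for known scanners are all assumptions chosen for illustration.

```python
"""Detect one-to-many SMB fan-out in flow records (added example, not Stealthwatch code).

Flow records are constructed sample data in the form
(src_ip, dst_ip, dst_port, start_time_iso); they were not exported from any tool.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed internal address space; east-west means both ends fall inside it.
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# Constructed sample flows (hypothetical addresses and times).
SAMPLE_FLOWS = [
    # Compromised workstation: ten distinct internal hosts over SMB in about a minute.
    ("10.1.1.50", f"10.1.2.{10 + n}", 445, f"2024-05-01T09:00:{5 + 6 * n:02d}")
    for n in range(10)
] + [
    # Normal user: two file servers over several minutes, plus outbound HTTPS.
    ("10.1.1.77", "10.1.2.30", 445, "2024-05-01T09:00:10"),
    ("10.1.1.77", "10.1.2.30", 445, "2024-05-01T09:03:10"),
    ("10.1.1.77", "203.0.113.9", 443, "2024-05-01T09:04:00"),
    ("10.1.1.77", "10.1.2.31", 445, "2024-05-01T09:05:00"),
] + [
    # Known vulnerability scanner: same fan-out shape, but expected behavior.
    ("10.9.0.5", f"10.1.2.{h}", 445, f"2024-05-01T09:00:{h:02d}")
    for h in range(10, 22)
]


def is_internal(ip: str) -> bool:
    """True when the address falls inside the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def smb_fanout(flows, window_seconds=300, threshold=8, allowlist=frozenset()):
    """Return {src: {"distinct_hosts": n, "window_start": iso}} for every source
    that opened SMB sessions to at least `threshold` distinct internal hosts
    inside any `window_seconds` sliding window. Sources in `allowlist`
    (scanners, SCCM, backup servers) are skipped."""
    by_src = defaultdict(list)
    for src, dst, port, ts in flows:
        if port != 445 or src in allowlist:
            continue
        if not (is_internal(src) and is_internal(dst)):
            continue  # ignore north-south traffic; this is an east-west detector
        by_src[src].append((datetime.fromisoformat(ts), dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best, best_start = 0, None
        for i, (t0, _) in enumerate(events):
            seen = set()
            for t1, dst in events[i:]:
                if (t1 - t0).total_seconds() > window_seconds:
                    break
                seen.add(dst)
            if len(seen) > best:
                best, best_start = len(seen), t0
        if best >= threshold:
            alerts[src] = {
                "distinct_hosts": best,
                "window_start": best_start.isoformat(),
            }
    return alerts


if __name__ == "__main__":
    for src, info in smb_fanout(SAMPLE_FLOWS, allowlist={"10.9.0.5"}).items():
        print(f"ALERT {src}: {info['distinct_hosts']} SMB peers from {info['window_start']}")
```

Run without the allow-list and the scanner 10.9.0.5 is flagged alongside 10.1.1.50, which is exactly the false positive the baselining caveat above is about; with the allow-list only the workstation remains. The normal user 10.1.1.77 never trips the threshold because its SMB traffic fans out to only two destinations, and its HTTPS flow is discarded before counting because the peer is not internal.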