A threat hunter is identifying potentially malicious activity associated with an APT. When the threat hunter runs queries against the SIEM platform with a date range of 60 to 90 days ago, the involved account seems to be typically most active in the evenings. When the threat hunter reruns the same query with a date range of 5 to 30 days ago, the account appears to be most active in the early morning. Which of the following techniques is the threat hunter using to better understand the data?
Correct Answer: B
User behavior analytics (UBA) detects anomalous activity by analyzing historical patterns and comparing them to recent behavior. The time shift in account activity suggests potential compromise or misuse. TTP-based inquiries (A) focus on known attack tactics, techniques, and procedures but do not involve behavior tracking. Adversary emulation (C) simulates attacks but does not analyze real data trends. OSINT analysis (D) gathers intelligence from public sources, which is unrelated to internal account behavior analysis.