medium
Single Answer

Fotis was asked to implement a threat-hunting program for his organization. Which one of the following is the basic assumption of a threat-hunting program that he should use as he plans his work?

Answer Options

A

Security controls were designed using a defense-in-depth strategy.

B

Audits may uncover control deficiencies.

C

Attackers may already be present on the network.

D

Defense mechanisms may contain unpatched vulnerabilities.

Correct Answer: C

Explanation

While all of these assumptions are valid premises that Fotis might have going into the exercise, the basic assumption of a threat-hunting exercise is the so-called presumption of compromise. This means that Fotis should assume that attackers have already gained access to his system and then hunt for indicators of their presence.