212-82 · Question #124
212-82 Question #124: Real Exam Question with Answer & Explanation
The correct answer is B: Exploiting a zero-day vulnerability in the application used by developers. The description of "exploitation of unknown/unpatched vulnerabilities in software/hardware" by a sophisticated APT group strongly suggests the use of zero-day vulnerabilities for initial access.
Question
An advanced persistent threat (APT) group known for its stealth and sophistication targeted a leading software development company. The attack was meticulously planned and executed over several months. It involved exploiting vulnerabilities at both the application level and the operating system level. The attack resulted in the extraction of sensitive source code and disruption of development operations. Post-incident analysis revealed multiple attack vectors, including phishing, exploitation of unknown/unpatched vulnerabilities in software/hardware, and lateral movement within the network. Given the nature and execution of this attack, what was the primary method used by the attackers to initiate this APT?
Options
- A. Exploiting default passwords to gain initial access to the network.
- B. Exploiting a zero-day vulnerability in the application used by developers.
- C. Exploiting a known vulnerability in the firewall to bypass network defenses.
- D. Compromising a third-party vendor with access to the company's development environment.
Explanation
The description of "exploitation of unknown/unpatched vulnerabilities in software/hardware" by a sophisticated APT group strongly suggests the use of zero-day vulnerabilities for initial access.
Common mistakes.
- A. Exploiting default passwords is a common and simple attack method, but less indicative of the "stealth and sophistication" of a meticulously planned, multi-month APT involving "unknown/unpatched vulnerabilities."
- C. While exploiting known vulnerabilities can occur, the scenario specifically refers to "unknown/unpatched vulnerabilities," making a known vulnerability in the firewall less likely as the primary initial method described for this type of attack.
- D. Compromising a third-party vendor is a possible APT vector, but the question explicitly states "exploitation of unknown/unpatched vulnerabilities in software/hardware" as one of the vectors, leading directly to the zero-day concept.
Concept tested. Advanced Persistent Threat (APT) initial access methods and zero-day exploitation