EC-Council
312-39 · Question #20
312-39 Question #20: Real Exam Question with Answer & Explanation
Sign in or unlock 312-39 to reveal the answer and full explanation for question #20. The question stem and answer options stay visible for context.
Question
As a SOC Administrator at a mid-sized financial institution, you noticed intermittent network slowdowns and unexplained high memory usage across multiple critical systems. Your initial analysis found no traces of malware, but a forensic investigation revealed unauthorized scheduled tasks that executed during off-peak hours. These tasks ran obfuscated scripts that connected to an external command-and-control (C2) server. Further investigations showed that the adversary had gained access months ago through a compromised VPN account, leveraging stolen credentials from a phishing campaign. Which phase of the Advanced Persistent Threat (APT) lifecycle does this scenario align with?
Options
- ACleanup
- BInitial Intrusion
- CSearch and Exfiltration
- DPersistence
Unlock 312-39 to see the answer
You've previewed enough free 312-39 questions. Unlock 312-39 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.