312-50V12 · Question #203

312-50V12 Question #203: Real Exam Question with Answer & Explanation

The correct answer is B: Analyzing the initial exploitation methods the adversary used.

Submitted by femi9 · Mar 4, 2026 · System Hacking Phases and Attack Techniques

Question

In a recent cyber-attack against a large corporation, an unknown adversary compromised the network and began escalating privileges and lateral movement. The security team identified that the adversary used a sophisticated set of techniques, specifically targeting zero-day vulnerabilities. As a Certified Ethical Hacker (CEH) hired to understand this attack and propose preventive measures, which of the following actions will be most crucial for your initial analysis?

Options

  • A. Identifying the specific tools used by the adversary for privilege escalation.
  • B. Analyzing the initial exploitation methods the adversary used.
  • C. Checking the persistence mechanisms used by the adversary in compromised systems.
  • D. Investigating the data exfiltration methods used by the adversary.

Explanation

The question asks for the most crucial initial analysis step after a cyber-attack involving zero-day exploitation. Analyzing the initial exploitation methods is paramount for understanding how the adversary gained entry.

Common mistakes.

  • A. Identifying privilege escalation tools occurs after initial access has been gained, making it a subsequent step rather than the initial analysis of how the attack began.
  • C. Checking persistence mechanisms is typically performed after the initial breach and subsequent activities like privilege escalation, making it a later phase of attack analysis.
  • D. Investigating data exfiltration methods happens towards the end of a successful attack, after initial compromise, privilege escalation, and data collection, and thus is not part of the initial analysis.

Concept tested. Initial access and exploitation analysis in incident response

Reference. https://attack.mitre.org/tactics/TA0001/

Topics

#privilege escalation · #zero-day exploits · #attack analysis · #initial exploitation
