EC-Council

312-50V13 Question #576: Real Exam Question with Answer & Explanation

The correct answer is A: Investigate for anomalies in file movements or unauthorized data access attempts within your. To confirm an Advanced Persistent Threat (APT), prioritizing investigation into anomalies in file movements or unauthorized data access is crucial, as APTs focus on stealthy persistence and data exfiltration.

Submitted by jaden.t · Mar 6, 2026 · Malware Threats

Question

During a comprehensive security assessment, your cybersecurity team at XYZ Corp stumbles upon signs that point toward a possible Advanced Persistent Threat (APT) infiltration in the network infrastructure. These sophisticated threats often exhibit subtle indicators that distinguish them from other types of cyberattacks. To confirm your suspicion and adequately isolate the potential APT, which of the following actions should you prioritize?

Options

  • A. Investigate for anomalies in file movements or unauthorized data access attempts within your
  • B. Scrutinize for repeat network login attempts from unrecognized geographical regions
  • C. Vigilantly monitor for evidence of zero-day exploits that manage to evade your firewall or antivirus
  • D. Search for proof of a spear-phishing attempt, such as the presence of malicious emails or risky

Explanation

To confirm an Advanced Persistent Threat (APT), prioritizing investigation into anomalies in file movements or unauthorized data access is crucial, as APTs focus on stealthy persistence and data exfiltration.

Common mistakes.

  • B. Repeat network login attempts from unrecognized geographical regions are a general indicator of brute-force attacks or compromised credentials, not specifically indicative of the stealth and persistence of an APT's internal activities.
  • C. While APTs may use zero-day exploits, simply monitoring for them is a reactive measure and doesn't directly confirm the presence of an ongoing APT, which often uses a combination of tactics and focuses on post-exploitation activities.
  • D. Spear-phishing is a common initial access vector for many types of attacks, including APTs, but finding evidence of it is an indicator of initial compromise, not the defining characteristic or primary confirmation of an ongoing APT's internal activities and persistence.

Concept tested. APT detection and indicators

Reference. https://learn.microsoft.com/en-us/microsoft-365/security/defender/advanced-persistent-threat?view=o365-worldwide

Topics

#APT #Incident response #Data exfiltration #Threat detection
