312-50V13 · Question #604
In a recent cyber-attack against a large corporation, an unknown adversary compromised the network and began escalating privileges and lateral movement. The security team identified that the adversary
The correct answer is B. Analyzing the initial exploitation methods, the adversary used.. To understand a sophisticated cyber-attack involving zero-day vulnerabilities, the most crucial initial analysis for a CEH is to identify how the adversary initially gained access.
Question
Options
- AIdentifying the specific tools used by the adversary for privilege escalation.
- BAnalyzing the initial exploitation methods, the adversary used.
- CChecking the persistence mechanisms used by the adversary in compromised systems.
- DInvestigating the data exfiltration methods used by the adversary.
How the community answered
(60 responses)- A10% (6)
- B68% (41)
- C17% (10)
- D5% (3)
Why each option
To understand a sophisticated cyber-attack involving zero-day vulnerabilities, the most crucial initial analysis for a CEH is to identify how the adversary initially gained access.
Identifying tools for privilege escalation is important, but privilege escalation occurs after initial access; understanding the initial compromise (exploitation) takes precedence for the *initial* analysis.
Understanding the initial exploitation methods is paramount because it reveals the original entry point into the network and the specific zero-day vulnerability that was leveraged. This knowledge is essential for immediate containment of the breach, patching the vulnerability, and developing preventative measures to stop similar attacks from occurring in the future, forming the foundation for all subsequent incident response actions.
Checking persistence mechanisms is crucial for ensuring complete eradication of the threat, but it is a step taken after understanding the initial compromise and containing the immediate threat.
Investigating data exfiltration methods is a critical step to assess the impact of the breach, but it comes after understanding how the attacker gained entry and whether the data was accessible or moved, making initial exploitation analysis more crucial first.
Concept tested: Incident response methodology (initial exploitation analysis)
Source: https://learn.microsoft.com/en-us/security/operations/incident-response-overview
Topics
Community Discussion
No community discussion yet for this question.