nerdexam
EC-Council

312-50V13 · Question #604

In a recent cyber-attack against a large corporation, an unknown adversary compromised the network and began escalating privileges and lateral movement. The security team identified that the adversary

The correct answer is B. Analyzing the initial exploitation methods, the adversary used.. To understand a sophisticated cyber-attack involving zero-day vulnerabilities, the most crucial initial analysis for a CEH is to identify how the adversary initially gained access.

Submitted by ravi_2018· Mar 6, 2026System Hacking

Question

In a recent cyber-attack against a large corporation, an unknown adversary compromised the network and began escalating privileges and lateral movement. The security team identified that the adversary used a sophisticated set of techniques, specifically targeting zero-day vulnerabilities. As a Certified Ethical Hacker (CEH) hired to understand this attack and propose preventive measures, which of the following actions will be most crucial for your initial analysis?

Options

  • AIdentifying the specific tools used by the adversary for privilege escalation.
  • BAnalyzing the initial exploitation methods, the adversary used.
  • CChecking the persistence mechanisms used by the adversary in compromised systems.
  • DInvestigating the data exfiltration methods used by the adversary.

How the community answered

(60 responses)
  • A
    10% (6)
  • B
    68% (41)
  • C
    17% (10)
  • D
    5% (3)

Why each option

To understand a sophisticated cyber-attack involving zero-day vulnerabilities, the most crucial initial analysis for a CEH is to identify how the adversary initially gained access.

AIdentifying the specific tools used by the adversary for privilege escalation.

Identifying tools for privilege escalation is important, but privilege escalation occurs after initial access; understanding the initial compromise (exploitation) takes precedence for the *initial* analysis.

BAnalyzing the initial exploitation methods, the adversary used.Correct

Understanding the initial exploitation methods is paramount because it reveals the original entry point into the network and the specific zero-day vulnerability that was leveraged. This knowledge is essential for immediate containment of the breach, patching the vulnerability, and developing preventative measures to stop similar attacks from occurring in the future, forming the foundation for all subsequent incident response actions.

CChecking the persistence mechanisms used by the adversary in compromised systems.

Checking persistence mechanisms is crucial for ensuring complete eradication of the threat, but it is a step taken after understanding the initial compromise and containing the immediate threat.

DInvestigating the data exfiltration methods used by the adversary.

Investigating data exfiltration methods is a critical step to assess the impact of the breach, but it comes after understanding how the attacker gained entry and whether the data was accessible or moved, making initial exploitation analysis more crucial first.

Concept tested: Incident response methodology (initial exploitation analysis)

Source: https://learn.microsoft.com/en-us/security/operations/incident-response-overview

Topics

#APT#zero-day exploitation#initial compromise#post-attack analysis

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice