CompTIA

CAS-005 Question #27: Real Exam Question with Answer & Explanation

The correct answer is A: Enforcing allow lists for authorized network ports and protocols.

Submitted by manish99 · Mar 6, 2026 · Security Engineering

Question

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware stack of a domain controller. The forensic team cryptographically validated that both the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LDAP. Which of the following is the best way to reduce the risk of reoccurrence?

Options

  • A. Enforcing allow lists for authorized network ports and protocols
  • B. Measuring and attesting to the entire boot chain
  • C. Rolling the cryptographic keys used for hardware security modules
  • D. Using code signing to verify the source of OS updates

Explanation

Since the attacker used steganographic techniques within LDAP to exfiltrate data, the most effective way to reduce the risk of reoccurrence is to enforce allow lists for authorized network ports and protocols. This limits the ability of attackers to use unauthorized protocols or ports, which could help block hidden exfiltration methods like the one used in the incident.
