CAS-005 Question #509: Real Exam Question with Answer & Explanation
The correct answer is C: EDR evasion.
Question
A security engineer is reviewing logs and summarizes the following:

- The target host communicates to an external IP address over HTTPS.
- The external IP address was not categorized as malicious.
- The company has a deep packet inspection system that supports HTTPS traffic.
- The attack uses a known command-and-control tool to beacon from an affected host.

Which of the following techniques did the attacker most likely use?
Options
- A. Redirection
- B. Custom BOF
- C. EDR evasion
- D. Steganography
Explanation
The attacker used EDR evasion by tunneling command-and-control traffic over HTTPS to a non-malicious IP. This hides the beaconing within legitimate encrypted traffic, bypassing detection even with deep packet inspection in place.