GCIH · Question #654
An attacker has penetrated a network and is using lateral movement. Which defense will be effective?
The correct answer is C. Setting unique passwords for each local administrator and service account on the network. Lateral movement commonly exploits credential reuse across machines, so unique local administrator and service account passwords per host directly breaks this attack path.
Question
An attacker has penetrated a network and is using lateral movement. Which defense will be effective?
Options
- APrioritizing patches for vulnerabilities affecting public facing servers and web services
- BConfiguring alert thresholds for Internet traffic sent to ports commonly used by attackers
- CSetting unique passwords for each local administrator and service account on the network
- DDual homing hosts that require access to both internal and external resources
How the community answered
(48 responses)- A19% (9)
- B4% (2)
- C71% (34)
- D6% (3)
Why each option
Lateral movement commonly exploits credential reuse across machines, so unique local administrator and service account passwords per host directly breaks this attack path.
Patching public-facing servers addresses initial access vectors but does nothing to impede an attacker who has already gained internal access and is moving laterally.
Alert thresholds on internet-bound traffic miss internal east-west lateral movement, which does not necessarily traverse the perimeter.
Attackers performing lateral movement frequently dump local credential hashes (e.g., via pass-the-hash or credential dumping) and reuse them on other hosts that share the same local admin password. Assigning unique passwords to every local administrator and service account - enforceable via Microsoft LAPS - eliminates the ability to pivot using a single compromised credential across the entire network.
Dual-homing hosts expands the attack surface by giving internally compromised hosts direct network paths to external resources, worsening rather than limiting lateral movement.
Concept tested: Credential uniqueness to prevent lateral movement
Source: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview
Topics
Community Discussion
No community discussion yet for this question.