nerdexam
GIAC

GCIH · Question #654

An attacker has penetrated a network and is using lateral movement. Which defense will be effective?

The correct answer is C. Setting unique passwords for each local administrator and service account on the network. Lateral movement commonly exploits credential reuse across machines, so unique local administrator and service account passwords per host directly breaks this attack path.

Vulnerability Exploitation & Privilege Escalation

Question

An attacker has penetrated a network and is using lateral movement. Which defense will be effective?

Options

  • APrioritizing patches for vulnerabilities affecting public facing servers and web services
  • BConfiguring alert thresholds for Internet traffic sent to ports commonly used by attackers
  • CSetting unique passwords for each local administrator and service account on the network
  • DDual homing hosts that require access to both internal and external resources

How the community answered

(48 responses)
  • A
    19% (9)
  • B
    4% (2)
  • C
    71% (34)
  • D
    6% (3)

Why each option

Lateral movement commonly exploits credential reuse across machines, so unique local administrator and service account passwords per host directly breaks this attack path.

APrioritizing patches for vulnerabilities affecting public facing servers and web services

Patching public-facing servers addresses initial access vectors but does nothing to impede an attacker who has already gained internal access and is moving laterally.

BConfiguring alert thresholds for Internet traffic sent to ports commonly used by attackers

Alert thresholds on internet-bound traffic miss internal east-west lateral movement, which does not necessarily traverse the perimeter.

CSetting unique passwords for each local administrator and service account on the networkCorrect

Attackers performing lateral movement frequently dump local credential hashes (e.g., via pass-the-hash or credential dumping) and reuse them on other hosts that share the same local admin password. Assigning unique passwords to every local administrator and service account - enforceable via Microsoft LAPS - eliminates the ability to pivot using a single compromised credential across the entire network.

DDual homing hosts that require access to both internal and external resources

Dual-homing hosts expands the attack surface by giving internally compromised hosts direct network paths to external resources, worsening rather than limiting lateral movement.

Concept tested: Credential uniqueness to prevent lateral movement

Source: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview

Topics

#lateral movement#password hygiene#local administrator#service accounts

Community Discussion

No community discussion yet for this question.

Full GCIH Practice