nerdexam
GIAC

GCIH · Question #718

An attacker has penetrated a network and is moving into the stage of pivoting throughout the network. Which defense mitigates this stage of the attack?

The correct answer is B. Creating two network interfaces for machines that require access to internal and external. Network segmentation using dual-homed machines with controlled interfaces limits lateral movement by containing an attacker within a single network segment.

Incident Response & Cyber Kill Chain

Question

An attacker has penetrated a network and is moving into the stage of pivoting throughout the network. Which defense mitigates this stage of the attack?

Options

  • ASetting unique password for each computer's local administrator
  • BCreating two network interfaces for machines that require access to internal and external
  • CAlerting on Internet traffic sent to ports commonly used by attack tools
  • DPrioritizing patching for public facing servers and web services

How the community answered

(24 responses)
  • A
    4% (1)
  • B
    58% (14)
  • C
    25% (6)
  • D
    13% (3)

Why each option

Network segmentation using dual-homed machines with controlled interfaces limits lateral movement by containing an attacker within a single network segment.

ASetting unique password for each computer's local administrator

Unique local administrator passwords (as implemented by LAPS) mitigate pass-the-hash and credential reuse attacks but do not create network-level barriers that block pivoting.

BCreating two network interfaces for machines that require access to internal and externalCorrect

Placing machines that require both internal and external access on two separate network interfaces - with strict firewall rules governing inter-segment traffic - creates enforced boundaries that prevent an attacker from freely traversing the network. This segmentation means that compromising one segment does not automatically grant access to adjacent segments. It directly disrupts the pivoting phase by requiring the attacker to overcome additional controls at each network boundary.

CAlerting on Internet traffic sent to ports commonly used by attack tools

Alerting on suspicious port traffic is a detection control that may trigger a response after pivoting has begun, not a preventive measure that stops the movement itself.

DPrioritizing patching for public facing servers and web services

Prioritizing patches on public-facing servers reduces the initial attack surface but does nothing to impede lateral movement once an attacker is already inside the network.

Concept tested: Network segmentation preventing lateral movement and pivoting

Source: https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf

Topics

#lateral movement#pivoting#network segmentation#defense mitigation

Community Discussion

No community discussion yet for this question.

Full GCIH Practice